SECURITY.md

Thelatest released version of jQuery is supported.

Please report security issuesprivately:

• Email:security@jquery.com

Do not file public GitHub issues for security problems.

When reporting, please include:

• Affected project/repo and version(s)
• Impact and component(s) involved
• Reproduction steps or PoC (if available)
• Your contact and preferred credit name

If you do not receive an acknowledgement of your report within6 business days, or if you cannot find a private security contact for the project, you mayescalate to the OpenJS Foundation CNA atsecurity@lists.openjsf.org.

If the project acknowledges your report but does not provide any further response or engagement within14 days, escalation is also appropriate.

Important:

• If the vulnerability is considered valid and accepted, a patch will be made for the latest jQuery version.
• If the vulnerability is deemed invalid, no further action is required.

We follow coordinated vulnerability disclosure:

• We will acknowledge your report, assess impact, and work on a fix.
• We aim to provide status updates at reasonable intervals until resolution.
• We will publish a security advisory (andCVE via the OpenJS CNA when applicable) once a fix or mitigation is available. We credit reporters by default unless you request otherwise.