The Ajetreo team and community take security bugs in OMS seriously. Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it.

We currently do not offer a paid security bounty program, but are not ruling it out in the future.

Please DO NOT file a public issue, instead send your report privately to security@ajetreo.co and include the word "SECURITY" in the subject line.

The Ajetreo team will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

Report security bugs in third-party modules to the person or team maintaining the module.