We take the security of jest-metadata seriously. If you have discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.

Please do not report security vulnerabilities through public GitHub issues.

• Via Email: Send an email to yaroslavs@wix.com. If possible, encrypt your message with our PGP public key to keep the information secure.

Please provide detailed information about the vulnerability, including:

• Description of the vulnerability
• Potential impact if it was exploited
• A detailed reproduction case, preferably with code examples and/or screenshots

• We will acknowledge receipt of the vulnerability report and send an initial response within 2 weeks.
• We will keep you informed of the progress towards fixing the vulnerability.
• We will mention your contribution when we fix the vulnerability (unless you prefer to remain anonymous).

Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not pursue legal action against you.

Please refrain from sharing about the vulnerability until we have resolved it, to ensure that users have ample opportunity to update and are not unnecessarily put at risk.

We are deeply grateful to all the conscientious users who help us ensure the security and privacy of jest-metadata users.