The Jano Ticketing System maintainers take security very seriously. We welcome any peer review of open source code to ensure nobody's system is ever compromised or hacked.

In order to give the community time to respond and upgrade we strongly urge you report all security issues privately. Please use our vulnerability disclosure program at Hacker One to provide details and reproduction steps. We aim to acknowledge all reports within 3 business days, and confirm any vulnerability present within 28 business days.

For more serious issues, you may encrypt your message using our PGP key with the fingerprint D497 FB0F E525 E821 B3D3 0BD1 3051 F368 F96A 5D1C.

Security issues always take precedence over bug fixes and feature work. We can and do mark releases as "urgent" if they contain serious security fixes.