jvagent is in its 0.x pre-1.0 line. Security fixes are applied to the latest released version on PyPI and the main branch. Older pre-releases are not maintained — please upgrade to the latest release before reporting.

Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.

Report privately using one of:

• GitHub's private vulnerability reporting (preferred — "Report a vulnerability" under the Security tab), or
• Email admin@trueselph.com with the details below.

Please include:

• A description of the vulnerability and its impact.
• Steps to reproduce or a proof of concept.
• Affected version(s) and environment.
• Any suggested remediation, if known.

• We aim to acknowledge your report within 3 business days.
• We will investigate, keep you updated on progress, and coordinate a fix and disclosure timeline with you.
• With your permission, we will credit you in the release notes once a fix ships.

Thank you for helping keep jvagent and its users safe.