Mirrors/jquery
1
0
Fork 0
mirror of https://github.com/jquery/jquery.git synced 2025-12-28 13:20:30 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
main
jquery/SECURITY.md
Ulises Gascón 02cf4ee090
Some checks failed
Browserstack / ${{ matrix.BROWSER }} (Chrome_latest) (push) Has been cancelled
Details
Browserstack / ${{ matrix.BROWSER }} (Chrome_latest-1) (push) Has been cancelled
Details
Browserstack / ${{ matrix.BROWSER }} (Edge_latest) (push) Has been cancelled
Details
Browserstack / ${{ matrix.BROWSER }} (Edge_latest-1) (push) Has been cancelled
Details
Browserstack / ${{ matrix.BROWSER }} (Firefox_latest) (push) Has been cancelled
Details
Browserstack / ${{ matrix.BROWSER }} (Firefox_latest-1) (push) Has been cancelled
Details
Browserstack / ${{ matrix.BROWSER }} (IE_11) (push) Has been cancelled
Details
Browserstack / ${{ matrix.BROWSER }} (Opera_latest) (push) Has been cancelled
Details
Browserstack / ${{ matrix.BROWSER }} (Safari_17) (push) Has been cancelled
Details
Browserstack / ${{ matrix.BROWSER }} (Safari_18) (push) Has been cancelled
Details
Browserstack / ${{ matrix.BROWSER }} (Safari_latest) (push) Has been cancelled
Details
Browserstack / ${{ matrix.BROWSER }} (__iOS_16) (push) Has been cancelled
Details
Browserstack / ${{ matrix.BROWSER }} (__iOS_17) (push) Has been cancelled
Details
Browserstack / ${{ matrix.BROWSER }} (__iOS_18) (push) Has been cancelled
Details
Code scanning - action / CodeQL-Build (push) Has been cancelled
Details
Filestash / Update Filestash (push) Has been cancelled
Details
Node / ${{ matrix.NPM_SCRIPT }} - ${{ matrix.NAME }} (${{ matrix.NODE_VERSION }}) (Chrome, 22.x, test:esm) (push) Has been cancelled
Details
Node / ${{ matrix.NPM_SCRIPT }} - ${{ matrix.NAME }} (${{ matrix.NODE_VERSION }}) (Chrome, 22.x, test:no-deprecated) (push) Has been cancelled
Details
Node / ${{ matrix.NPM_SCRIPT }} - ${{ matrix.NAME }} (${{ matrix.NODE_VERSION }}) (Chrome, 22.x, test:selector-native) (push) Has been cancelled
Details
Node / ${{ matrix.NPM_SCRIPT }} - ${{ matrix.NAME }} (${{ matrix.NODE_VERSION }}) (Chrome, 22.x, test:slim) (push) Has been cancelled
Details
Node / ${{ matrix.NPM_SCRIPT }} - ${{ matrix.NAME }} (${{ matrix.NODE_VERSION }}) (Chrome/Firefox, 22.x, test:browser) (push) Has been cancelled
Details
Node / ${{ matrix.NPM_SCRIPT }} - ${{ matrix.NAME }} (${{ matrix.NODE_VERSION }}) (Firefox ESR (new), 22.x, test:firefox) (push) Has been cancelled
Details
Node / ${{ matrix.NPM_SCRIPT }} - ${{ matrix.NAME }} (${{ matrix.NODE_VERSION }}) (Firefox ESR (old), 22.x, test:firefox) (push) Has been cancelled
Details
Node / ${{ matrix.NPM_SCRIPT }} - ${{ matrix.NAME }} (${{ matrix.NODE_VERSION }}) (Node, 18.x, test:browserless) (push) Has been cancelled
Details
Node / ${{ matrix.NPM_SCRIPT }} - ${{ matrix.NAME }} (${{ matrix.NODE_VERSION }}) (Node, 20.x, test:browserless) (push) Has been cancelled
Details
Node / ${{ matrix.NPM_SCRIPT }} - ${{ matrix.NAME }} (${{ matrix.NODE_VERSION }}) (Node, 22.x, lint) (push) Has been cancelled
Details
Node / ${{ matrix.NPM_SCRIPT }} - ${{ matrix.NAME }} (${{ matrix.NODE_VERSION }}) (Node, 22.x, test:browserless) (push) Has been cancelled
Details
Node / ${{ matrix.NPM_SCRIPT }} - ${{ matrix.NAME }} (${{ matrix.NODE_VERSION }}) (Node, 23.x, test:browserless) (push) Has been cancelled
Details
Node / test:ie - IE (push) Has been cancelled
Details
Node / test:safari - Safari (push) Has been cancelled
Details
docs: updated the vulnerability reporting process and added escalation steps 
Ref: https://github.com/openjs-foundation/cross-project-council/pull/1588

Closes gh-5701
2025-09-09 10:30:02 -04:00

1.5 KiB
Raw Permalink Blame History

Security Policy

Supported Versions

The latest released version of jQuery is supported.

Reporting a Vulnerability

Please report security issues privately:

Do not file public GitHub issues for security problems.

When reporting, please include:

  • Affected project/repo and version(s)
  • Impact and component(s) involved
  • Reproduction steps or PoC (if available)
  • Your contact and preferred credit name

If you do not receive an acknowledgement of your report within 6 business days, or if you cannot find a private security contact for the project, you may escalate to the OpenJS Foundation CNA at security@lists.openjsf.org.

If the project acknowledges your report but does not provide any further response or engagement within 14 days, escalation is also appropriate.

Coordination & Disclosure

Important:

  • If the vulnerability is considered valid and accepted, a patch will be made for the latest jQuery version.
  • If the vulnerability is deemed invalid, no further action is required.

We follow coordinated vulnerability disclosure:

  • We will acknowledge your report, assess impact, and work on a fix.
  • We aim to provide status updates at reasonable intervals until resolution.
  • We will publish a security advisory (and CVE via the OpenJS CNA when applicable) once a fix or mitigation is available. We credit reporters by default unless you request otherwise.