This document outlines security procedures and policies for the J2Commerce Project.
The J2Commerce team takes all security bugs in J2Commerce and its add-ons seriously.
If you find a possible vulnerability, please report it to us using support@j2commerce.com.
For support with a site which has been attacked, please open a private ticket at J2Commerce Support.
Thank you for improving the security of J2Commerce.
The J2Commerce team aims to handle all issues in a timely manner and to communicate clearly with issue reporters. We have established the following guidelines for responding to issue reports:
- Within 24 hours every report gets acknowledged
- Within 7 days every report gets a further response stating either:
  - the issue is closed (and why)
  - the issue is still under investigation; if needed, additional information will be requested
- Within 21 days every report must be resolved unless there are exceptional circumstances requiring additional time
- Verified vulnerabilities will only be publicly announced AFTER a release is issued which fixes the vulnerability.
- All announcements will contain as much information as possible, but will NOT contain step-by-step instructions for the vulnerability.
J2Commerce will properly credit individuals and/or organizations who responsibly disclose security issues to our team.