Report a vulnerability in a Jumbo Interactive product
While we do not have a formalised bug bounty program at this time, we would appreciate having a reasonable time (up to 90 days) to fix any such vulnerabilities before they become public.
Please read before proceeding:
- We welcome reports on security vulnerabilities from non-customers.
- Please use this form only for reporting security vulnerabilities in Jumbo Interactive Products.
- This is not a general support page and we do not provide product support via this page.
- We do not handle bug reports or provide support for products not maintained by us. Please address such reports and inquiries directly to the respective maintainers and community forums.
Jumbo Interactive maintains the following policy of responsible vulnerability fixing:
- Releases, including maintenance, minor and major releases, will include cumulative fixes for vulnerabilities that are found, verified and able to be fixed within the timeframe of the release.
- We will make reasonable efforts to issue releases to mitigate or fix vulnerabilities for all applicable and supported versions.
- In the case of critical risk, high impact vulnerabilities, we will make all reasonable effort to expedite maintenance releases for all affected versions.