Contact: gemc@jlab.org
Do not open public issues for security bugs.
We provide security fixes for:
- The default branch (next release)
| Version | Supported | 
|---|---|
| dev | ✅ | 
| 1.0 | ❌ | 
Email gemc@jlab.org with:
- What the issue is and why it matters
- Steps to reproduce (a minimal PoC if possible)
- Affected version / commit and environment
If you prefer to use GitHub’s private reporting (if enabled), use Security → Report a vulnerability.
- We’ll acknowledge your report and start triage as soon as we can.
- We’ll work on a fix and coordinate a release or mitigation.
- We’ll credit you (name or handle) if you want.
- In scope: GEMC code in the official repositories and our published container images.
- Out of scope: vulnerabilities that are only in third-party dependencies (please report upstream; you can CC us).
Thanks for helping keep GEMC users safe.