Skip to content

Security: symbolicsoft/jevil

Security

SECURITY.md

Security Policy

Supported Versions

Only the latest release on the main branch is supported. Users should always update to the latest version.

Reporting a Vulnerability

If you discover a security vulnerability in jevil, you are welcome to report it by opening a GitHub issue or submitting a pull request with a fix. There is no requirement for coordinated or private disclosure — use whichever method you prefer.

Please include:

  • A description of the vulnerability and its potential impact.
  • Steps to reproduce the issue, or a proof of concept if applicable.
  • A tested, complete fix, if possible.

Disclaimer

⚠️ EXPERIMENTAL — DO NOT USE IN PRODUCTION ⚠️

This is a research-grade proof-of-concept implementation of a brand-new, completely novel cryptographic scheme. Both the scheme itself and this implementation have received close to zero peer review.

  • The construction has not been vetted by the cryptographic community.
  • The security proofs have not been independently verified.
  • The code has not been audited.
  • There are almost certainly bugs, side channels, and possibly fundamental design flaws that have not yet been discovered.
  • APIs, wire formats, and parameter choices may change without notice.

Treat this repository as a research artifact only. Do not use it to protect anything you care about. Do not deploy it. Do not rely on it for any security property whatsoever.

There aren't any published security advisories