If you discover a security vulnerability in Jixia, please do not open a public issue first.
Report the vulnerability privately to the maintainers using the repository's private vulnerability reporting path once the GitHub repository is published. If that path is not yet available, contact the maintainer through a private channel and include enough detail to reproduce the issue safely.
- affected area or file path
- reproduction steps
- impact assessment
- whether credentials, private data, or storage boundaries are involved
The highest-priority security issues for Jixia include:
- secret exposure
- raw provider key leakage
- broken visibility enforcement
- unsafe storage-path handling
- missing auditability around AI jobs