JSONata is supported on a reasonable endeavours basis. Patches will be applied to the latest version rather than retroactively to older versions. To ensure you are using the most secure version of JSONata, please make sure you have the latest release. The JSONata Exerciser uses the latest release by default.

In most scenarios, the most appropriate way to report a vulnerability is to raise a new issue describing the problem in as much detail as possible, ideally with examples. This will obviously be public. If you feel that the vulnerability is significant enough to warrant a private disclosure, please email security@jsonata.org.