Last updated: February 28, 2026

Jaidu is a forked control-plane and host-agent project. We welcome responsible reports of potential security vulnerabilities that affect the control plane, relay, jaidu-agent, or host execution boundaries.

How to Report a Security Issue

If you believe you’ve discovered a vulnerability in Jaidu that falls within scope, use the repository vulnerability reporting flow if it is enabled, or contact the maintainers through the security channel configured for your deployment. When submitting a report, include the following where possible:
  • Summary of the vulnerability and its potential impact
  • Steps to reproduce the issue (logs or clear descriptions help)
  • Environment details (OS, browser, device, etc.)
  • Proof-of-concept code or any relevant exploit details
Upon receipt of your report, we will:
  1. Acknowledge it in a timely manner.
  2. Investigate and triage the issue.
  3. Communicate with you for clarification or retesting if needed.
  4. Work to remediate the issue and keep you updated.

What’s In Scope

The current fork does not define a public hosted bounty scope. Reports should identify the affected repository component, deployment, or shared development server environment when applicable. If you are unsure whether something is in scope, please contact us before testing.

What’s Out of Scope

To ensure everyone’s safety and to focus on issues that genuinely affect our users, the following are considered out of scope:
  • Automated scanning without prior coordination
  • Social engineering targeting maintainers, operators, or users
  • Rate-limiting or missing headers that do not lead to material harm
  • Brute force or denial-of-service attacks
  • Attacks requiring physical access to systems or interception of another user’s network traffic
  • Theoretical vulnerabilities without a practical proof of exploitability

Please Do Not

  • Access or modify any data that does not belong to you
  • Disrupt our services or cause downtime
  • Share details of the issue publicly before we have had a chance to fix it

Report Format Recommendations

To help us diagnose issues efficiently, reports should include:
  • A clear summary and title of the issue
  • Affected URL(s) or components
  • Exact steps to reproduce, including logs or clear descriptions where appropriate
  • Environment and version details
  • Proof-of-concept code or payloads

Safe Harbour & Recognition

We respect the efforts of security researchers who act in good faith and follow this Responsible Disclosure policy. Provided you comply with this policy, the project maintainers will not pursue legal action against individuals reporting vulnerabilities responsibly. Researchers who submit valid and impactful reports may also receive recognition or other rewards at the maintainers’ discretion.

Confidentiality

All information you share with us as part of your report will be handled confidentially. We will not disclose sensitive details publicly before remediation, and we will coordinate with you if public acknowledgement is planned.

Bounty & Rewards

Jaidu does not currently define a public bounty programme for this fork.