Skip to content

Arcjet security

Vulnerability & patch management policy

External vulnerability reports are logged and assigned to an individual responsible for that component. They will be assessed and a patch released or update applied within 10 working days. We do not operate a bug bounty program, but encourage Coordinated Vulnerability Disclosure via

We apply security updates within 10 working days or in the case of our SDKs when building a new release, whichever is sooner. However, in the case of a critical vulnerability, such as one that is being actively exploited, we aim to implement a mitigation or patch as quickly as possible. All other updates are reviewed and applied within 20 working days.

Security updates

We provide security updates for the latest and previous major SDK releases. See our support policy for details.

Security contact

Please email for anything security related.