Vulnerability Reporting
How to Report
Preferred: GitHub Security Advisories
- Navigate to the Security tab on our GitHub repository
- Click "Report a vulnerability"
- Fill in the details (type, affected component, reproduction steps, impact)
Disclosure Process
- Reporter submits vulnerability
- We acknowledge within 48 hours
- We assess severity within 7 days
- We develop and test a fix
- We release the fix
- We publicly disclose (with reporter credit, if desired)
Recognition
With your permission, we will:
- Credit you in the security advisory
- Add you to our security acknowledgments
- Provide a letter of appreciation (upon request)
Security Updates
- Security updates are released as patch versions
- Agents support self-updating for rapid deployment
- Watch this repository for releases
- Subscribe to GitHub security advisories