File size: 1,704 Bytes
a0ebf39 | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | # Security Policy for OpenMAIC
Thank you for helping us keep OpenMAIC secure! We take the security of our platform, multi-agent engine, and users very seriously.
## Supported Versions
We currently provide security updates for the latest major release and the active `main` branch. Please ensure you are running the most recent version of OpenMAIC before submitting a report.
| Version | Supported |
| ------- | ------------------ |
| main | :white_check_mark: |
| Latest Release | :white_check_mark: |
| Older Versions | :x: |
## Reporting a Vulnerability
If you discover a security vulnerability in OpenMAIC, **please do not create a public GitHub issue.** Publicly disclosing a vulnerability can put other users and self-hosted instances at risk.
Instead, please report it privately using one of the following methods:
**GitHub Private Vulnerability Reporting:** Go to the [Security tab](https://github.com/THU-MAIC/OpenMAIC/security) of the repository, click on "Advisories", and select "Report a vulnerability".
**What to include in your report:**
* A description of the vulnerability and its potential impact.
* Detailed steps to reproduce the issue.
* Any relevant logs, screenshots, or code snippets.
* (Optional) Suggested mitigation or a patch.
We will acknowledge receipt of your vulnerability report within 48 hours and strive to send you regular updates about our progress.
## Disclosure Process
When a vulnerability is confirmed and patched, we will publish a GitHub Security Advisory detailing the issue, the impacted versions, and the fix. We will also credit the security researcher who reported the issue (unless they prefer to remain anonymous).
|