Skip to content

Security: akatzmann/py-agent-core

Security

SECURITY.md

Security Policy

We take the security of py-agent-core seriously. This document outlines the versions we actively support with security updates and the process for reporting security vulnerabilities.


Supported Versions

Only the latest major and minor release version of py-agent-core is actively supported with security updates.

Version Supported
v0.1.x
< v0.1

Reporting a Vulnerability

If you discover a security vulnerability in this project, please do not open a public issue. Instead, report it privately through one of the following channels:

  • GitHub Private Vulnerability Reporting: If available, submit a report privately via the "Security" tab of this repository on GitHub.
  • Email: Contact the project maintainers directly (you can open an issue requesting a private security email contact).

Please include the following details in your report:

  • A detailed description of the vulnerability.
  • Steps to reproduce or a minimal proof-of-concept (PoC) script.
  • Potential impact of the vulnerability.

Disclosure Process

Upon receiving a private security report:

  1. Acknowledgment: The maintainers will acknowledge receipt of your report within 48 hours.
  2. Investigation: We will investigate the issue and verify the vulnerability privately.
  3. Fix and Advisory: We will develop a fix and coordinate a release date. We aim to release a patch and issue a security advisory within 30 days of confirmation.

There aren't any published security advisories