We take the security of py-agent-core seriously. This document outlines the versions we actively support with security updates and the process for reporting security vulnerabilities.
Only the latest major and minor release version of py-agent-core is actively supported with security updates.
| Version | Supported |
|---|---|
| v0.1.x | ✅ |
| < v0.1 | ❌ |
If you discover a security vulnerability in this project, please do not open a public issue. Instead, report it privately through one of the following channels:
- GitHub Private Vulnerability Reporting: If available, submit a report privately via the "Security" tab of this repository on GitHub.
- Email: Contact the project maintainers directly (you can open an issue requesting a private security email contact).
Please include the following details in your report:
- A detailed description of the vulnerability.
- Steps to reproduce or a minimal proof-of-concept (PoC) script.
- Potential impact of the vulnerability.
Upon receiving a private security report:
- Acknowledgment: The maintainers will acknowledge receipt of your report within 48 hours.
- Investigation: We will investigate the issue and verify the vulnerability privately.
- Fix and Advisory: We will develop a fix and coordinate a release date. We aim to release a patch and issue a security advisory within 30 days of confirmation.