This project is maintained on a best-effort basis with no guaranteed response SLA.
| Version | Supported |
|---|---|
| 0.0.x (current mainline) | ✅ |
| < 0.0.1 | ❌ |
Please do not disclose security vulnerabilities publicly in a regular issue before maintainers have a chance to assess them.
Preferred reporting path:
- Use GitHub private security reporting (Security Advisory) if available for this repository.
- If private reporting is not available, open an issue with a minimal description and request a private follow-up (do not include exploit details or sensitive data).
For non-security help, use the support workflow in SUPPORT.md.
- Affected component/file/path
- Steps to reproduce
- Potential impact
- Suggested mitigation (if known)
- Logs/screenshots/sanitized artifacts
Maintainers will triage reports on a best-effort basis, validate impact, and coordinate remediation.
Target timelines (best-effort, not guaranteed):
- Initial triage acknowledgement: within 7 calendar days
- Severity assessment: within 14 calendar days
- Remediation plan or mitigation guidance: within 30 calendar days for confirmed high-impact issues
This policy covers vulnerabilities in this repository’s code, scripts, configs, and documentation automation.
Third-party AI models and external container images are governed by their own projects and licensing/security processes; please report vulnerabilities to the corresponding upstream project when appropriate.
This repository does not create AI models. Any model downloaded or used through these tools is subject to its own license and terms.