We actively support the following versions of HackAgent with security updates:

| Version | Supported |
|---|---|
| Latest release | ✅ |
| Older releases | ❌ |

We take the security of HackAgent seriously. If you discover a security vulnerability, please report it to us privately.
Contact: ais@ai4i.it
Expected Response SLA:
- Acknowledgement: Within 48 hours of receiving your report.
- Initial Assessment: Within 14 days with a detailed plan for addressing the issue.
- Status Updates: Once a month until the vulnerability is resolved.
We follow a coordinated disclosure process:
- Security report received and acknowledged.
- Issue is verified and fixed in a private fork.
- Security advisory is published on GitHub.
- Patch is released to the main branch.
- Public disclosure after fix is available (typically 24-48 hours after patch).
Currently, we do not provide a PGP key for encrypted communication. Please use the secure contact email above.
Vulnerabilities in the following areas are within scope:
- Authentication and authorization mechanisms
- Data handling and privacy protections
- Code injection vulnerabilities
- Dependency vulnerabilities in `requirements.txt`/`pyproject.toml`