We actively support the following versions with security updates:
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
If you discover a security vulnerability in AIKit, please report it to us as follows:
Please do NOT report security vulnerabilities through public GitHub issues.
Instead, please report security vulnerabilities by emailing:
You should receive a response within 48 hours. If for some reason you do not, please follow up via email to ensure we received your original message.
Please include the following information in your report:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any suggested fixes or mitigations
- All code changes require review before merging to main
- Automated security scanning runs on all pull requests
- Dependencies are regularly updated via Dependabot
- Code signing is used for releases
- Download binaries only from official GitHub releases
- Verify checksums when available
- Keep your AIKit installation updated
- Use PAT tokens with minimal required permissions
We kindly ask that you:
- Give us reasonable time to fix the issue before public disclosure
- Avoid accessing or modifying user data
- Don't perform DoS attacks or degrade services
- Don't spam our systems with automated tools
We will acknowledge your contribution to keeping AIKit secure and may include your name in our Hall of Fame (if you wish).