We provide security updates for the following versions:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

We take the security of PageIndex seriously. If you believe you have found a security vulnerability, please report it to us as described below.
Please do not report security vulnerabilities through public GitHub issues.
Use GitHub private vulnerability reporting for coordinated disclosure.
Please include the following information in your report:
- Description: A clear description of the vulnerability
- Impact: The potential impact of the vulnerability
- Steps to Reproduce: Detailed steps to reproduce the issue
- Proof of Concept: If possible, include a proof of concept
- Suggested Fix: If you have ideas on how to fix the issue
- We will acknowledge receipt of your report within 48 hours
- We will provide a detailed response within 7 days
- We will keep you informed of the progress toward fixing the vulnerability
- We will notify you when the vulnerability has been fixed
- We will work with you to understand and resolve the issue quickly
- We will credit you for the discovery (if you wish)
- We will not disclose the vulnerability publicly until a fix is available
- We will coordinate public disclosure with you
When using PageIndex:
- API Keys: Never commit API keys to version control
- Dependencies: Keep dependencies up to date (`go mod tidy`)
- Input Validation: Validate all user inputs
- Error Handling: Don't expose sensitive information in error messages
- Logging: Be careful not to log sensitive data
- LLM API Keys: PageIndex requires LLM API keys. Store them securely using environment variables
- File Access: PageIndex reads PDF and Markdown files. Ensure proper file permissions
- Network Requests: PageIndex makes HTTP requests to LLM APIs. Ensure proper network security
Thank you for helping keep PageIndex and our users safe!