github/AutoGPT
1
1
Fork 0
mirror of https://github.com/Significant-Gravitas/AutoGPT.git synced 2026-01-05 05:14:14 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
AutoGPT/SECURITY.md
Nicholas Tindle da2aa34e3e docs(security): Update disclosure timeline (#9581) 
<!-- Clearly explain the need for these changes: -->
Update the security.md based on some advice we got :)

### Changes 🏗️
- Adds an update time window and clarifies time spans
<!-- Concisely describe all of the changes made in this pull request:
-->
2025-03-06 15:59:07 +00:00

2.4 KiB
Raw Permalink Blame History

Security Policy

Reporting Security Issues

We take the security of our project seriously. If you believe you have found a security vulnerability, please report it to us privately. Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.

Important Note: Any code within the classic/ folder is considered legacy, unsupported, and out of scope for security reports. We will not address security vulnerabilities in this deprecated code.

Instead, please report them via:

Reporting Process

  1. Submit Report: Use one of the above channels to submit your report
  2. Response Time: Our team will acknowledge receipt of your report within 14 business days.
  3. Collaboration: We will collaborate with you to understand and validate the issue
  4. Resolution: We will work on a fix and coordinate the release process

Disclosure Policy

  • Please provide detailed reports with reproducible steps
  • Include the version/commit hash where you discovered the vulnerability
  • Allow us a 90-day security fix window before any public disclosure
  • After patch is released, allow 30 days for users to update before public disclosure (for a total of 120 days max between update time and fix time)
  • Share any potential mitigations or workarounds if known

Supported Versions

Only the following versions are eligible for security updates:

Version Supported
Latest release on master branch
Development commits (pre-master)
Classic folder (deprecated)
All other versions

Security Best Practices

When using this project:

  1. Always use the latest stable version
  2. Review security advisories before updating
  3. Follow our security documentation and guidelines
  4. Keep your dependencies up to date
  5. Do not use code from the classic/ folder as it is deprecated and unsupported

Past Security Advisories

For a list of past security advisories, please visit our Security Advisory Page and Huntr Disclosures Page.

Last updated: November 2024

Reference in New Issue View Git Blame Copy Permalink