1.4 KiB
1.4 KiB
Security Policy
Supported Versions
Security fixes are applied to the latest released version of RAG-Anything. We recommend always running the most recent release.
| Version | Supported |
|---|---|
| 1.3.x | ✅ |
| < 1.3 | ❌ |
Reporting a Vulnerability
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Instead, report them privately through GitHub's built-in private vulnerability reporting. This opens a confidential channel visible only to the maintainers.
When reporting, please include as much of the following as you can:
- A description of the vulnerability and its impact.
- The affected version(s) and, where relevant, the component (e.g. document parsing, a specific modal processor, batch processing).
- Steps to reproduce, or a proof-of-concept.
- Any known mitigations or workarounds.
What to Expect
- Acknowledgement: we aim to acknowledge new reports within 5 business days.
- Assessment: we will investigate, confirm the issue, and keep you updated on our progress.
- Fix & disclosure: once a fix is ready we will release it and, with your agreement, publicly credit your contribution. Please give us a reasonable window to ship the fix before any public disclosure.
Thank you for helping keep RAG-Anything and its users safe.