Files
wehub-resource-sync c48612c494
CI / E2E Tests (push) Has been cancelled
CI / Lint, Typecheck & Unit Tests (push) Has been cancelled
Docs Build / Build docs site (push) Has been cancelled
Publish @openmaic packages / Build, validate & publish (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:03:23 +08:00

1.7 KiB

Security Policy for OpenMAIC

Thank you for helping us keep OpenMAIC secure! We take the security of our platform, multi-agent engine, and users very seriously.

Supported Versions

We currently provide security updates for the latest major release and the active main branch. Please ensure you are running the most recent version of OpenMAIC before submitting a report.

Version Supported
main
Latest Release
Older Versions

Reporting a Vulnerability

If you discover a security vulnerability in OpenMAIC, please do not create a public GitHub issue. Publicly disclosing a vulnerability can put other users and self-hosted instances at risk.

Instead, please report it privately using one of the following methods: GitHub Private Vulnerability Reporting: Go to the Security tab of the repository, click on "Advisories", and select "Report a vulnerability".

What to include in your report:

  • A description of the vulnerability and its potential impact.
  • Detailed steps to reproduce the issue.
  • Any relevant logs, screenshots, or code snippets.
  • (Optional) Suggested mitigation or a patch.

We will acknowledge receipt of your vulnerability report within 48 hours and strive to send you regular updates about our progress.

Disclosure Process

When a vulnerability is confirmed and patched, we will publish a GitHub Security Advisory detailing the issue, the impacted versions, and the fix. We will also credit the security researcher who reported the issue (unless they prefer to remain anonymous).