| Version | Supported |
|---|---|
| 0.0.x (alpha) | ✅ Active development — security patches applied |
Please do not report security vulnerabilities through public GitHub issues.
To report a security issue, use GitHub's private vulnerability reporting:
- Go to the Security tab of this repository.
- Click "Report a vulnerability".
- Fill in the details and submit.
Alternatively, email security@agent-assembly.dev with the subject line:
[SECURITY] agent-assembly — <brief description>.
- A description of the vulnerability and its potential impact.
- Steps to reproduce or a proof-of-concept.
- The affected version(s) and component(s).
- Any suggested mitigations, if known.
| Stage | Target |
|---|---|
| Initial acknowledgement | Within 2 business days |
| Severity assessment | Within 5 business days |
| Patch or mitigation | Dependent on severity (Critical: 7 days, High: 14 days, Medium/Low: next release) |
We follow coordinated disclosure. Once a fix is available, we will:
- Release a patched version.
- Publish a GitHub Security Advisory.
- Credit the reporter (unless they prefer to remain anonymous).