We are committed to providing security updates for the following versions of our project. Please ensure you are using a supported version to receive the latest security patches.
| Version | Supported |
|---------|-----------|
| 2.1.x   | ✅        |
| 2.0.x   | ✅        |
| 1.9.x   | ✅        |
| < 1.9   | ❌        |
We take the security of our project seriously. If you discover a security vulnerability, please follow these steps to report it:
- Do not disclose the vulnerability publicly until it has been addressed by our team.
- Email your findings to our security team at raphael.mansuy@quantalogic.app.
- Provide as much information as possible, including:
  - A detailed description of the vulnerability
  - Steps to reproduce the issue
  - Potential impact of the vulnerability
  - Any possible mitigations or workarounds
- We will acknowledge receipt of your vulnerability report within 3 business days.
- Our security team will investigate and validate the reported vulnerability.
- We aim to provide an initial assessment within 10 business days.
- We will keep you informed about the progress of addressing the vulnerability.
- Once the vulnerability is fixed, we will notify you and discuss the possibility of public disclosure.
If the vulnerability is accepted:
- We will work on a fix and release it as soon as possible.
- We will credit you (unless you prefer to remain anonymous) in the security advisory.
- We may offer a bounty or reward, depending on the severity and impact of the vulnerability.
If the vulnerability is declined:
- We will provide a detailed explanation of why it was not accepted.
- We may still implement improvements based on your report, even if it's not classified as a security vulnerability.
To help maintain the security of our project:
- Always use the latest supported version.
- Enable two-factor authentication (2FA) for your GitHub account.
- Regularly update all dependencies to their latest secure versions.
- Follow secure coding practices and conduct regular code reviews.
- Use strong, unique passwords for all accounts related to the project.
We will announce security updates through the following channels:
- GitHub Security Advisories
- Our official Twitter account: @QLLMSecurity
- Email notifications to registered users (ensure your email is up to date in your account settings)
We kindly ask security researchers and users to practice responsible disclosure:
- Allow us reasonable time to address the vulnerability before public disclosure.
- Do not exploit the vulnerability beyond what is strictly necessary to confirm it exists.
- Do not access, modify, or delete data belonging to others without explicit permission.
We appreciate your efforts in improving the security of our project. Thank you for helping us maintain a safe environment for all our users.