Skip to content

Security: 13otKmdr/AutoGPT

Security

SECURITY.md

Security Policy

Reporting Security Issues

We take the security of our project seriously. If you believe you have found a security vulnerability, please report it to us privately. Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.

Important Note: Any code within the classic/ folder is considered legacy, unsupported, and out of scope for security reports. We will not address security vulnerabilities in this deprecated code.

Instead, please report them via:

Reporting Process

  1. Submit Report: Use one of the above channels to submit your report
  2. Response Time: Our team will acknowledge receipt of your report within 14 business days.
  3. Collaboration: We will collaborate with you to understand and validate the issue
  4. Resolution: We will work on a fix and coordinate the release process

Disclosure Policy

  • Please provide detailed reports with reproducible steps
  • Include the version/commit hash where you discovered the vulnerability
  • Allow us a 90-day security fix window before any public disclosure
  • Share any potential mitigations or workarounds if known

Supported Versions

Only the following versions are eligible for security updates:

Version Supported
Latest release on master branch
Development commits (pre-master)
Classic folder (deprecated)
All other versions

Security Best Practices

When using this project:

  1. Always use the latest stable version
  2. Review security advisories before updating
  3. Follow our security documentation and guidelines
  4. Keep your dependencies up to date
  5. Do not use code from the classic/ folder as it is deprecated and unsupported

Past Security Advisories

For a list of past security advisories, please visit our Security Advisory Page and Huntr Disclosures Page.


Last updated: November 2024

There aren’t any published security advisories