Skip to content

Latest commit

 

History

History
53 lines (35 loc) · 2.15 KB

SECURITY.md

File metadata and controls

53 lines (35 loc) · 2.15 KB

Security Policy

Supported Versions

We aim to support the latest version of the ChatsAPI library and address any critical vulnerabilities or bugs. Below is the list of supported versions:

Version Supported
>=0.1.x ✅ Fully Supported

Reporting a Vulnerability

We take security seriously and appreciate your efforts to responsibly disclose vulnerabilities. To report a security issue, follow these steps:

  1. Do not create a public issue in the repository or disclose details in public forums.
  2. Email us directly at hello@bysatha.com with the following details:
    • A concise description of the vulnerability.
    • Steps to reproduce the issue.
    • Potential impact or risk assessment.
    • Any suggestions for fixing the issue, if available.
  3. We will acknowledge your report within 48 hours and provide an expected timeline for a resolution.
  4. Once the vulnerability is resolved, we will:
    • Notify you of the fix.
    • Attribute you in the release notes (if you choose to be credited).

Security Best Practices

To ensure secure usage of the ChatsAPI framework:

  1. Keep dependencies up to date: Regularly update the library and its dependencies to mitigate risks from outdated packages.
  2. Protect your API keys: When using LLM integrations like OpenAI or Gemini, securely store API keys and avoid hardcoding them in your codebase.
  3. Sandbox testing: Always test the library in a controlled, sandboxed environment before deploying it to production.
  4. Input sanitization: Ensure user inputs are properly validated and sanitized to prevent potential injection attacks.

Code of Conduct

By reporting security issues, you agree to act in a responsible manner and avoid:

  • Exploiting vulnerabilities for malicious purposes.
  • Publicly disclosing security issues without prior notice.

We value your contributions and are committed to working with you to keep our project secure.


Credits

We are grateful to the open-source community and security researchers for helping us identify and resolve potential vulnerabilities.