Only the latest production deployment at uoft-agent.com is actively maintained and receives security updates.
| Version | Supported |
|---|---|
| 2.1.x | ✅ |
| 2.0.x | ❌ |
| < 2.0 | ❌ |
If you discover a security vulnerability in UofT Agent, please do not open a public GitHub issue. Public disclosure of a vulnerability before it is patched could put users at risk.
Instead, please report it privately by emailing: uoftagent@gmail.com
Please include in your report:
- A description of the vulnerability
- Steps to reproduce it
- The potential impact you see
What to expect:
- Acknowledgment within 48 hours
- A status update within 7 days
- Credit in the release notes if you'd like, once the issue is resolved
Vulnerabilities affecting user authentication, stored academic data, or the Quercus token integration will be treated as highest priority.