| Version | Supported |
|---|---|
| Latest | Yes |
| < Latest | No |
If you discover a security vulnerability, please report it responsibly:
- Email: security@csoai.org
- Do NOT open a public GitHub issue for security vulnerabilities
- Include a description of the vulnerability and steps to reproduce
We will acknowledge receipt within 48 hours and provide a detailed response within 5 business days.
- All attestations are HMAC-SHA256 signed
- API keys are validated server-side
- Rate limiting is enforced per tier
- No sensitive data is logged or stored
We follow coordinated disclosure. We will work with you to understand and address the issue before any public disclosure.