If you discover a security vulnerability in apcore, please report it responsibly.
Do NOT open a public issue for security vulnerabilities.
Please use GitHub's private vulnerability reporting feature:
- Go to the relevant repository's Security tab
- Click Report a vulnerability
- Fill in the details
Alternatively, email: team@aiperceivable.org
- Acknowledgment: Within 48 hours
- Initial assessment: Within 7 days
- Fix or mitigation: Depends on severity; critical issues targeted within 30 days
| Component | Supported Versions |
|---|---|
| apcore spec | Latest published version |
| apcore-python | Latest release |
| apcore-typescript | Latest release |
| apcore-rust | Latest release |
| apcore-mcp-* | Latest release |
| apcore-a2a-* | Latest release |
| apcore-cli-* | Latest release |
| apcore-toolkit-* | Latest release |
Older versions receive security fixes on a best-effort basis.
This policy covers all repositories under the aiperceivable GitHub organization that are part of the apcore standard.
We follow coordinated disclosure:
- Reporter submits vulnerability privately
- We confirm and assess the issue
- We develop and test a fix
- We release the fix and publish an advisory
- Reporter is credited (unless they prefer anonymity)