| Version | Supported |
|---|---|
| 0.20.x | ✅ |
| < 0.20 | ❌ |

If you discover a security vulnerability in Pyrite, please report it responsibly.

Do NOT open a public GitHub issue for security vulnerabilities.

Instead, please email the maintainers directly or use GitHub's private vulnerability reporting feature:

- Go to the Security tab of this repository
- Click "Report a vulnerability"
- Provide a detailed description of the vulnerability

We will acknowledge receipt within 48 hours and aim to provide a fix within 7 days for critical issues.

This policy applies to the pyrite Python package and its server components (REST API, MCP server).

- Never commit your `.env` file or API keys to version control
- Use read-only KB configurations for untrusted data sources
- Run the REST API behind a reverse proxy in production
- Keep dependencies up to date