mirror of
https://github.com/Significant-Gravitas/Auto-GPT.git
synced 2025-01-05 10:26:50 +08:00
7c2e371f23
<!-- Clearly explain the need for these changes: -->
Huntr isn't offering a security bounty for autogpt at the moment so
remove it in favor of github security advisories
### Changes 🏗️
<!-- Concisely describe all of the changes made in this pull request:
-->
comments out huntr line in case they decide to offer it again in the
future
2.2 KiB
Security Policy
Reporting Security Issues
We take the security of our project seriously. If you believe you have found a security vulnerability, please report it to us privately. Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Important Note: Any code within the classic/ folder is considered legacy, unsupported, and out of scope for security reports. We will not address security vulnerabilities in this deprecated code.
Instead, please report them via:
Reporting Process
- Submit Report: Use one of the above channels to submit your report
- Response Time: Our team will acknowledge receipt of your report within 14 business days.
- Collaboration: We will collaborate with you to understand and validate the issue
- Resolution: We will work on a fix and coordinate the release process
Disclosure Policy
- Please provide detailed reports with reproducible steps
- Include the version/commit hash where you discovered the vulnerability
- Allow us a 90-day security fix window before any public disclosure
- Share any potential mitigations or workarounds if known
Supported Versions
Only the following versions are eligible for security updates:
Version | Supported |
---|---|
Latest release on master branch | ✅ |
Development commits (pre-master) | ✅ |
Classic folder (deprecated) | ❌ |
All other versions | ❌ |
Security Best Practices
When using this project:
- Always use the latest stable version
- Review security advisories before updating
- Follow our security documentation and guidelines
- Keep your dependencies up to date
- Do not use code from the classic/ folder as it is deprecated and unsupported
Past Security Advisories
For a list of past security advisories, please visit our Security Advisory Page and Huntr Disclosures Page.
Last updated: November 2024