Skip to content

Security: 18307519324az/CodeForge-AI

Security

SECURITY.md

Security Policy

Reporting Vulnerabilities

Report security vulnerabilities privately through GitHub Private Vulnerability Reporting:

https://github.com/18307519324az/CodeForge-AI/security/advisories/new

Do not open a public Issue for an unfixed vulnerability. Do not include real provider keys, JWTs, cookies, database passwords, user data, local storage state, storage paths, or complete system prompts in any public report.

Public Issues are only for ordinary non-security bugs.

Supported Version

Version Support
v1.0.1 Supported
v1.0.0 Supported for upgrade and audit reference

Disclosure Handling

Reports are triaged for authentication, authorization, prompt disclosure, provider credential handling, artifact storage, marketplace publication, export package handling, migration safety, and audit log exposure.

There aren't any published security advisories