Report security vulnerabilities privately through GitHub Private Vulnerability Reporting:
https://github.com/18307519324az/CodeForge-AI/security/advisories/new
Do not open a public Issue for an unfixed vulnerability. Do not include real provider keys, JWTs, cookies, database passwords, user data, local storage state, storage paths, or complete system prompts in any public report.
Public Issues are only for ordinary non-security bugs.
| Version | Support |
|---|---|
| v1.0.1 | Supported |
| v1.0.0 | Supported for upgrade and audit reference |
Reports are triaged for authentication, authorization, prompt disclosure, provider credential handling, artifact storage, marketplace publication, export package handling, migration safety, and audit log exposure.