| Version | Supported |
|---|---|
| latest (private_web_ui branch) | Yes |
| older releases | No |

If you discover a security vulnerability, please report it responsibly:
- DO NOT open a public issue
- Email: wangbingjie1989@gmail.com
- Or use GitHub Security Advisories
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
Response timeline:
- Acknowledgment: within 48 hours
- Status update: within 7 days
- Fix release: depends on severity
The following are in scope:
- Command injection via tool inputs
- Path traversal in file operations
- WebSocket authentication bypass
- Cross-site scripting (XSS) in Web UI
- Sensitive data exposure in logs or responses
The following are out of scope:
- Issues requiring physical access to the machine
- Social engineering attacks
- Denial of service (this is a local/self-hosted tool)
- Vulnerabilities in third-party dependencies (report upstream)