-
Notifications
You must be signed in to change notification settings - Fork 44.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'dev' into toran/open-2000-implement-unified-ai-image-ge…
…neration-block
- Loading branch information
Showing
28 changed files
with
802 additions
and
403 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
# Security Policy | ||
|
||
## Reporting Security Issues | ||
|
||
We take the security of our project seriously. If you believe you have found a security vulnerability, please report it to us privately. **Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.** | ||
|
||
> **Important Note**: Any code within the `classic/` folder is considered legacy, unsupported, and out of scope for security reports. We will not address security vulnerabilities in this deprecated code. | ||
Instead, please report them via: | ||
- [GitHub Security Advisory](https://github.com/Significant-Gravitas/AutoGPT/security/advisories/new) | ||
- [Huntr.dev](https://huntr.com/repos/significant-gravitas/autogpt) - where you may be eligible for a bounty | ||
|
||
### Reporting Process | ||
1. **Submit Report**: Use one of the above channels to submit your report | ||
2. **Response Time**: Our team will acknowledge receipt of your report within 14 business days. | ||
3. **Collaboration**: We will collaborate with you to understand and validate the issue | ||
4. **Resolution**: We will work on a fix and coordinate the release process | ||
|
||
### Disclosure Policy | ||
- Please provide detailed reports with reproducible steps | ||
- Include the version/commit hash where you discovered the vulnerability | ||
- Allow us a 90-day security fix window before any public disclosure | ||
- Share any potential mitigations or workarounds if known | ||
|
||
## Supported Versions | ||
Only the following versions are eligible for security updates: | ||
|
||
| Version | Supported | | ||
|---------|-----------| | ||
| Latest release on master branch | ✅ | | ||
| Development commits (pre-master) | ✅ | | ||
| Classic folder (deprecated) | ❌ | | ||
| All other versions | ❌ | | ||
|
||
## Security Best Practices | ||
When using this project: | ||
1. Always use the latest stable version | ||
2. Review security advisories before updating | ||
3. Follow our security documentation and guidelines | ||
4. Keep your dependencies up to date | ||
5. Do not use code from the `classic/` folder as it is deprecated and unsupported | ||
|
||
## Past Security Advisories | ||
For a list of past security advisories, please visit our [Security Advisory Page](https://github.com/Significant-Gravitas/AutoGPT/security/advisories) and [Huntr Disclosures Page](https://huntr.com/repos/significant-gravitas/autogpt). | ||
|
||
--- | ||
Last updated: November 2024 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.