Thank you for helping us keep OpenMAIC secure! We take the security of our platform, multi-agent engine, and users very seriously.
We currently provide security updates for the latest major release and the active main branch. Please ensure you are running the most recent version of OpenMAIC before submitting a report.
| Version | Supported |
|---|---|
| main | ✅ |
| Latest Release | ✅ |
| Older Versions | ❌ |
If you discover a security vulnerability in OpenMAIC, please do not create a public GitHub issue. Publicly disclosing a vulnerability can put other users and self-hosted instances at risk.
Instead, please report it privately using one of the following methods: GitHub Private Vulnerability Reporting: Go to the Security tab of the repository, click on "Advisories", and select "Report a vulnerability".
What to include in your report:
- A description of the vulnerability and its potential impact.
- Detailed steps to reproduce the issue.
- Any relevant logs, screenshots, or code snippets.
- (Optional) Suggested mitigation or a patch.
We will acknowledge receipt of your vulnerability report within 48 hours and strive to send you regular updates about our progress.
When a vulnerability is confirmed and patched, we will publish a GitHub Security Advisory detailing the issue, the impacted versions, and the fix. We will also credit the security researcher who reported the issue (unless they prefer to remain anonymous).