We aim to support the latest version of the ChatsAPI library and address any critical vulnerabilities or bugs. Below is the list of supported versions:
| Version | Supported |
|---|---|
>=0.1.x |
✅ Fully Supported |
We take security seriously and appreciate your efforts to responsibly disclose vulnerabilities. To report a security issue, follow these steps:
- Do not create a public issue in the repository or disclose details in public forums.
- Email us directly at [email protected] with the following details:
- A concise description of the vulnerability.
- Steps to reproduce the issue.
- Potential impact or risk assessment.
- Any suggestions for fixing the issue, if available.
- We will acknowledge your report within 48 hours and provide an expected timeline for a resolution.
- Once the vulnerability is resolved, we will:
- Notify you of the fix.
- Attribute you in the release notes (if you choose to be credited).
To ensure secure usage of the ChatsAPI framework:
- Keep dependencies up to date: Regularly update the library and its dependencies to mitigate risks from outdated packages.
- Protect your API keys: When using LLM integrations like OpenAI or Gemini, securely store API keys and avoid hardcoding them in your codebase.
- Sandbox testing: Always test the library in a controlled, sandboxed environment before deploying it to production.
- Input sanitization: Ensure user inputs are properly validated and sanitized to prevent potential injection attacks.
By reporting security issues, you agree to act in a responsible manner and avoid:
- Exploiting vulnerabilities for malicious purposes.
- Publicly disclosing security issues without prior notice.
We value your contributions and are committed to working with you to keep our project secure.
We are grateful to the open-source community and security researchers for helping us identify and resolve potential vulnerabilities.