Security: SuperagenticAI/dspy-code

.github/SECURITY.md

Security Policy

Supported Versions

We actively support and provide security updates for the following versions:

Version Supported
0.1.x
< 0.1.0

Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues.

If you discover a security vulnerability, please report it via email to team@super-agentic.ai with the following information:

  • Description: A clear description of the vulnerability
  • Impact: The potential impact of the vulnerability
  • Steps to Reproduce: Detailed steps to reproduce the issue
  • Suggested Fix: If you have a suggested fix, please include it
  • Affected Versions: Which versions are affected

What to Expect

  • Acknowledgment: We will acknowledge receipt of your report within 48 hours
  • Initial Assessment: We will provide an initial assessment within 7 days
  • Updates: We will keep you informed of our progress
  • Resolution: We will work with you to understand and resolve the issue quickly
  • Disclosure: We will coordinate disclosure with you after the issue is resolved

Security Best Practices

When reporting vulnerabilities:

  • Do not access or modify user data without explicit permission
  • Do not perform any actions that could harm users or their data
  • Do not disclose the vulnerability publicly until it has been resolved
  • Follow responsible disclosure practices

Security Updates

Security updates will be released as patch versions (e.g., 0.1.1 → 0.1.2) and documented in CHANGELOG.md.

Security Considerations for Contributors

  • Never commit secrets, API keys, or credentials
  • Use environment variables for sensitive configuration
  • Follow secure coding practices
  • Review dependencies for known vulnerabilities
  • Keep dependencies up to date

Thank you for helping keep DSPy Code secure! 🔒

There aren’t any published security advisories