| Version | Supported |
|---|---|
| Latest | Yes |
We take security seriously. If you discover a security vulnerability in the Claude-OpenAI Bridge, please report it responsibly.
- Do NOT open a public issue for security vulnerabilities.
- Email your report to the maintainers via the ATC-O48 organization contact.
- Include the following in your report:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment within 48 hours of your report.
- Status update within 7 days with an assessment.
- Fix timeline based on severity:
- Critical: Patch within 24-48 hours
- High: Patch within 1 week
- Medium: Patch within 2 weeks
- Low: Included in next release
This policy applies to the Claude-OpenAI Bridge proxy and its API endpoints. Issues in third-party dependencies should be reported to the respective projects.
When using this project:
- Never expose your Anthropic API key in client-side code
- Use environment variables for all credentials
- Run the proxy behind a reverse proxy in production
- Enable rate limiting for public-facing deployments