Skip to content

Security: Jcstack/ashare-ai-analyst

SECURITY.md

Security Policy

Supported versions

This project is maintained on a best-effort basis. Security fixes will be applied to the latest main branch first.

Reporting a vulnerability

Please do not report security vulnerabilities in public GitHub issues.

Instead:

  1. Describe the issue, impact, and reproduction steps.
  2. Send the report privately to the maintainer through GitHub security reporting if enabled, or another private contact channel you control.
  3. Allow reasonable time for validation and remediation before public disclosure.

Scope

Please report issues such as:

  • secret exposure
  • authentication or authorization bypass
  • command injection
  • unsafe dependency or build-chain exposure
  • data leakage in reports, logs, or API responses

There aren't any published security advisories