| Version | Supported |
|---|---|
| 0.3.x | ✅ |
| < 0.3.0 | ❌ |
Please do not report security vulnerabilities through public GitHub issues.
Instead, email 1715136863@qq.com with details.
We aim to acknowledge reports within 48 hours and provide a timeline for resolution within 5 business days.
ai-llm handles sensitive data including API keys, user prompts, and model outputs. We take the following concerns seriously:
- Prompt injection vectors in template processing
- API key exposure through logs or error messages
- Insecure handling of user data in RAG pipelines
- Dependency supply chain risks