This document outlines Codeflash's vulnerability disclosure policy. For more information about Codeflash's approach to security, please visit codeflash.ai/security.

Since Codeflash is moving quickly, we can only commit to fixing security issues for the latest version of codeflash client. If a vulnerability is discovered in our backend, we will release the fix for all the users.

Please do not report security vulnerabilities through public GitHub issues.

Instead, please report them to our GitHub Security page. If you prefer to submit one without using GitHub, you can also email us at [email protected].

We commit to acknowledging vulnerability reports immediately, and will work to fix active vulnerabilities as soon as we can. We will publish resolved vulnerabilities in the form of security advisories on our GitHub security page. Critical incidents will be communicated both on the GitHub security page and via email to all affected users.

We appreciate your help in making Codeflash more secure for everyone. Thank you for your support and responsible disclosure.