Security: epicsagas/llm-kernel

SECURITY.md

Security Policy

Supported Versions

Until a 1.0 release, security fixes land on the latest published minor and are not backported to earlier 0.x versions.

Version    Supported
0.13.x     Yes
< 0.13     No

Reporting a Vulnerability

We take security vulnerabilities seriously. If you discover a security issue:

  1. Do not open a public GitHub issue
  2. Email security concerns to the maintainers via GitHub's private vulnerability reporting
  3. Include:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if available)

Response Timeline

  • Acknowledgment: Within 48 hours
  • Initial assessment: Within 5 business days
  • Patch target: Within 90 days

Dependency Security

We use cargo audit in CI to scan for known vulnerabilities in dependencies.

Secret Scanning

We use gitleaks in CI to detect accidentally committed secrets, API keys, and credentials.

There aren't any published security advisories