If you discover a security vulnerability in OpenAgentPay, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, please send an email to security@openagentpay.dev with:
- A description of the vulnerability
- Steps to reproduce the issue
- Any potential impact
- Suggested fix (if you have one)

Our response targets:
- Acknowledgment: Within 48 hours of your report
- Initial assessment: Within 5 business days
- Resolution target: Within 30 days for critical issues

Security updates are provided for the latest minor release of each major version.

| Version | Supported |
|---|---|
| Latest | Yes |

- We will coordinate with you on disclosure timing
- We aim to release a fix before public disclosure
- Credit will be given to reporters (unless anonymity is requested)

Thank you for helping keep OpenAgentPay and its users safe.