| Version | Supported |
|---|---|
| 2.x | Yes |
| < 2.0 | No |
Do not open a public issue for security vulnerabilities.
Email security@intentsolutions.io with:
- Description of the vulnerability
- Steps to reproduce
- Affected version(s)
- Impact assessment (if known)
We will acknowledge receipt within 48 hours and provide a timeline for a fix within 5 business days.
The following are in scope:
@intentsolutions/blueprint(CLI)@intentsolutions/blueprint-mcp(MCP server)@intentsolutions/blueprint-core(core engine)- Template content that could cause injection or data leakage
Out of scope:
- Third-party dependencies (report upstream)
- Social engineering
- Denial of service
We follow coordinated disclosure. Once a fix is released, we will credit reporters (unless anonymity is requested) in the release notes.