| Version | Supported |
|---|---|
| latest | Yes |

If you discover a security vulnerability in CervellaSwarm, please report it responsibly.
DO NOT open a public GitHub issue for security vulnerabilities.
Instead, please email cervellaswarm@pm.me with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Fix timeline: Depends on severity, typically 1-4 weeks
This policy applies to:
- The CervellaSwarm core framework
- Official packages (`cervellaswarm-*` on PyPI, `@cervellaswarm/*` on npm)
- The CervellaSwarm GitHub repository
- Third-party dependencies (report to the respective project)
- Self-hosted instances with custom modifications
We appreciate security researchers who help keep CervellaSwarm safe. Contributors who report valid vulnerabilities will be acknowledged in our CHANGELOG (unless they prefer to remain anonymous).