| Version | Supported |
|---|---|
| 0.1.x | ✅ |
We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.
Please use GitHub's private vulnerability reporting feature:
- Go to the Security tab of this repository
- Click "Report a vulnerability"
- Fill out the vulnerability report form
This ensures your report is kept confidential until a fix is available.
Please include the following in your report:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any suggested fixes (optional)
What to expect after reporting:
- Acknowledgment: We will acknowledge receipt of your report within 48 hours
- Assessment: We will investigate and provide an initial assessment within 7 days
- Resolution: We aim to release a fix within 30 days for critical vulnerabilities
- Disclosure: We will coordinate with you on public disclosure timing
This security policy covers:
- The Tara Code CLI application
- Official distribution channels (GitHub releases, Homebrew tap)
This security policy does not cover:
- Vulnerabilities in third-party dependencies (please report them to the upstream project)
- Issues with self-hosted vLLM servers (not maintained by this project)
- Social engineering attacks
When using Tara Code:
- Keep your installation updated to the latest version
- Review commands before execution when using the `execute_command` tool
- Be cautious with file operations in sensitive directories
- Ensure your vLLM server is properly secured if exposed to a network