Skip to content

Security: off-grid-ai/console

Security

SECURITY.md

Security Policy

We take the security of the Off Grid AI Console seriously. This document explains how to report a vulnerability and what to expect after you do.

Reporting a vulnerability

Do not open a public GitHub issue for a security vulnerability. Public disclosure before a fix is available puts users at risk.

Report it privately by email to:

mac@getoffgridai.co

When you report, include as much of the following as you can:

  • A description of the vulnerability and the impact you believe it has.
  • The steps to reproduce it, or a proof of concept.
  • The affected version, commit, or route.
  • Any suggested remediation, if you have one.

What to expect

  • We acknowledge your report within a few business days.
  • We investigate and confirm the issue, then work on a fix.
  • We keep you informed of progress and let you know when a fix ships.
  • We credit you for the report if you would like, once the fix is public.

Please give us reasonable time to release a fix before any public disclosure. We will work with you on a coordinated timeline.

Supported versions

The project is pre-1.0 and moves fast. Security fixes land on the main branch, and we recommend running the latest release. Older versions are not patched separately. Once the project reaches a stable release line, this section will list the versions that receive security updates.

Scope

This policy covers the console application in this repository. Vulnerabilities in third-party dependencies should be reported to their respective projects, though we welcome a heads-up so we can update or patch on our side.

There aren't any published security advisories