We take security seriously. If you discover a security vulnerability in any Zylos project, please report it responsibly.
Please do NOT open a public GitHub issue for security vulnerabilities.
Use GitHub Security Advisories to report vulnerabilities privately. This ensures the issue is handled confidentially.
Alternatively, you can report via email: security@zylos.ai
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
| Action | Timeline |
|---|---|
| Acknowledgment | Within 48 hours |
| Initial assessment | Within 1 week |
| Fix development | Depends on severity |
| Public disclosure | After fix is released |
This policy applies to all repositories under the zylos-ai organization.
We provide security updates for the latest minor version of each package. Please ensure you are using the most recent version before reporting.