Supported versions:

| Version | Supported |
|---|---|
| 1.x.x | ✅ Current |
| < 1.0 | ❌ Unsupported |

The NeoCode team takes security vulnerabilities seriously. We appreciate your efforts to responsibly disclose them.

If you discover a security vulnerability, please do not open a public issue. Instead, send an email to: security@neocode.ai

Please include:

- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any proof-of-concept code (if available)

Response timeline:

- Initial response: Within 48 hours
- Detailed assessment: Within 7 days
- Patch release: Based on severity assessment
- Public disclosure: After patch is available

We recommend the following practices:

- Keep NeoCode updated to the latest version
- Review permission settings carefully
- Use in trusted environments
- Monitor access logs regularly
- Validate all user inputs
- Use the principle of least privilege
- Keep dependencies updated
- Follow secure coding practices

NeoCode includes the following security features:

- Input validation with Zod schemas
- Permission system for tool access
- Session isolation between users
- Audit logging of actions
- Sandboxed execution environments

Security updates are announced through:

- GitHub Security Advisories
- Release notes
- Discord announcements
- Email notifications (for critical issues)

We acknowledge and thank security researchers who help us keep NeoCode secure. All valid security reports will be credited in our release notes.

This security policy is licensed under the Creative Commons Attribution 4.0 International License (CC BY 4.0).