If you discover a security vulnerability in Ellmud, please report it responsibly. Do not open a public GitHub issue.
Instead, please email the maintainers directly with:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (if available)
We will acknowledge your report within 48 hours and work with you to resolve the issue before public disclosure.
Security updates will be provided for the latest stable release. Please keep your installation up to date.
| Version | Status |
|---|---|
| Latest | Supported |
| Older | Not supported |
When running Ellmud:
- Environment Variables: Never commit `.env` files with secrets to version control. Use `.env.example` as a template.
- Authentication: If using Microsoft Entra External ID, ensure your credentials are kept secure.
- Database: Always use strong credentials for PostgreSQL and Redis in production.
- API Keys: Protect your Azure AI Foundry API key and admin token.
- Dependency Updates: Keep Node.js and npm dependencies up to date.
We appreciate security researchers who responsibly disclose vulnerabilities. Your efforts help keep the community safe.