| Version | Supported |
|---|---|
| 0.2.x | ✅ |
| < 0.2 | ❌ |
Do not report security vulnerabilities through public GitHub issues.
Instead, please report them via:
- GitHub Private Vulnerability Reporting: Submit a report
| Stage | Target |
|---|---|
| Acknowledgement | Within 48 hours |
| Initial assessment | Within 5 business days |
| Patch / fix | Within 90 days |
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Potential impact
- Suggested fix (if available)
- Coordinated disclosure: we will work with you to fix the issue before any public announcement.
- Credit will be given to reporters unless they request anonymity.
- Store API keys in
~/.claudy/secrets.env(file permissions0600). - Never commit
secrets.envto version control. - Use
claudy doctorto verify your configuration health. - Keep claudy updated:
claudy update.