The following versions of ContextMemory are currently supported with security updates:
| Version | Supported |
|---|---|
| 0.5.x | ✅ Yes |
| < 0.5.0 | ❌ No |
Only the latest minor release will receive security patches.
If you discover a security vulnerability, please report it responsibly.
- Open a public GitHub issue for security vulnerabilities.
- Disclose the vulnerability publicly before it is fixed.
Email the details to:
Include:
- Description of the vulnerability
- Steps to reproduce
- Affected version
- Potential impact
- Any suggested fix (if available)
- You will receive acknowledgment within 48 hours.
- The issue will be investigated and validated.
- A fix will be prepared.
- A patched version will be released.
- A security advisory will be published.
This policy applies to:
- CLI functionality
- Local file storage (.contextmemory folder)
- MCP server integration
- Dependency vulnerabilities
-
Always use the latest version:
npm update -g @akashkobal/contextmemory
-
Do not commit
.contextmemory/to public repositories if it contains sensitive architecture data. -
Review dependency updates regularly.
We follow responsible disclosure practices. Contributors reporting valid vulnerabilities will be acknowledged (unless they prefer anonymity).
Thank you for helping keep ContextMemory secure.