We release patches for security vulnerabilities in the following versions:
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

The HTTP Agent team takes security seriously. We appreciate your efforts to responsibly disclose your findings.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them via one of the following methods:
- GitHub Security Advisory (Preferred):
  - Go to the Security tab of this repository
  - Click "Report a vulnerability"
  - Fill in the details
- Email:
  - Send an email to the maintainers (check the repository's main page for contact information)
  - Include "SECURITY" in the subject line

Please include as much of the following information as possible:
- Type of vulnerability (e.g., injection, authentication bypass, XSS, etc.)
- Full paths of source file(s) related to the vulnerability
- Location of the affected source code (tag/branch/commit or direct URL)
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the vulnerability and potential attack scenarios
- Any potential mitigations you've identified

Thank you for helping keep HTTP Agent and its users safe! 🔒