| Version | Supported |
|---|---|
| 0.1.x | Yes |

If you discover a security vulnerability in AgenticConnect, please report it responsibly:
- Do NOT open a public issue
- Email: security@agentralabs.tech
- Include: description, reproduction steps, impact assessment
- Expected response: within 48 hours

AgenticConnect implements the following security measures:

- Credential Vault: AES-256-GCM encryption with PBKDF2 key derivation (100,000 iterations)
- No plaintext secrets: Credentials encrypted at rest, never logged
- MCP input validation: All tool parameters validated before execution
- Circuit breakers: Prevent cascade failures from compromised endpoints
- HMAC-SHA256: Webhook signature verification prevents payload tampering

Security issues in the following areas are in scope:
- Credential vault encryption/decryption
- MCP protocol handling (injection, overflow)
- Authentication credential leakage
- TLS inspection (certificate validation bypass)
- SQL injection in database tools