Security: cafferychen777/ChatSpatial

SECURITY.md

Security Policy

Supported Versions

We provide security updates for the following versions of ChatSpatial:

Version Supported
0.3.x
0.2.x
< 0.2

Reporting a Vulnerability

We take the security of ChatSpatial seriously. If you discover a security vulnerability, please follow these steps:

Private Disclosure Process

  1. Do not open a public GitHub issue for security vulnerabilities
  2. Send an email to the maintainers with:
    • A detailed description of the vulnerability
    • Steps to reproduce the issue
    • Potential impact assessment
    • Any suggested fixes or mitigations

What to Expect

  • Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours
  • Initial Assessment: We will provide an initial assessment within 5 business days
  • Updates: We will keep you informed of our progress throughout the process
  • Resolution: We aim to resolve critical security issues within 30 days

Scope

This security policy applies to:

  • The main ChatSpatial codebase
  • Official Docker images
  • The way ChatSpatial uses and integrates its dependencies and third-party services (for example, unsafe use of a library API or an insecure default in an integration)
  • Model Context Protocol (MCP) server implementations

Out of Scope

  • Vulnerabilities in third-party dependencies themselves (please report these directly to the upstream projects; only ChatSpatial's use of the dependency is in scope)
  • General software bugs that have no security implications
  • Issues that require physical access to the system

Security Best Practices

When using ChatSpatial:

  1. Environment Variables: Keep secrets (API keys, database credentials) in environment variables or a secrets manager, never in source code or committed configuration files, and make the application fail closed when a required secret is missing instead of falling back to a built-in default
  2. Network Security: Terminate every network-exposed transport with TLS (HTTPS) in production; do not expose a plaintext endpoint beyond the local host
  3. Data Privacy: Treat spatial and other biological datasets as potentially sensitive and comply with the regulations that apply to them
  4. Dependencies: Update dependencies regularly to pick up security patches, and pin versions so updates are deliberate and reviewable
  5. Access Control: Put authentication and authorization in front of any production deployment; an MCP server reachable over the network should never be anonymous
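The following is an added example, not code from ChatSpatial, showing points 1 and 5 in practice: required secrets are read from environment variables, the loader refuses to start when one is missing, and any error message that leaves the process has secret values scrubbed out of it. The variable names `CHATSPATIAL_API_KEY` and `CHATSPATIAL_DB_URL` are hypothetical; the project's real configuration keys are not defined on this page.

```python
"""Load secrets from the environment, fail closed when they are absent, and keep
them out of logs, reprs and error messages returned to clients.

Added example; the environment variable names below are hypothetical.
"""
import os
import re
from dataclasses import dataclass, field
from typing import Mapping, Optional

# Hypothetical names chosen for this example, not ChatSpatial's real keys.
REQUIRED_VARS = ("CHATSPATIAL_API_KEY", "CHATSPATIAL_DB_URL")

# Matches scheme://user:password@ so the password can be located and masked.
_URL_CRED = re.compile(
    r"^(?P<scheme>[a-z][a-z0-9+.-]*://)(?P<user>[^:/@]+):(?P<pw>[^@]*)@"
)


class MissingSecretError(RuntimeError):
    """Raised when a required secret is not configured.

    The message carries only variable *names*, never values, so it is safe
    to show to an operator or return to a client.
    """


def mask(secret: str, keep: int = 4) -> str:
    """Show only the last few characters so operators can tell keys apart."""
    if len(secret) <= keep:
        return "*" * len(secret)
    return "*" * (len(secret) - keep) + secret[-keep:]


def strip_url_password(url: str) -> str:
    """Replace the password in scheme://user:pw@host/... with '***'."""
    return _URL_CRED.sub(lambda m: f"{m.group('scheme')}{m.group('user')}:***@", url)


@dataclass(frozen=True)
class Settings:
    # repr=False keeps the values out of accidental print()/logging of the object.
    api_key: str = field(repr=False)
    db_url: str = field(repr=False)

    def redacted(self) -> dict:
        """View that is safe to log: key masked, DB URL without its password."""
        return {
            "api_key": mask(self.api_key),
            "db_url": strip_url_password(self.db_url),
        }

    def secret_values(self) -> list:
        """Every literal that must never appear in output, longest first so that
        a URL is scrubbed before the password embedded in it."""
        values = [self.api_key, self.db_url]
        m = _URL_CRED.match(self.db_url)
        if m and m.group("pw"):
            values.append(m.group("pw"))
        return sorted((v for v in values if v), key=len, reverse=True)


def load_settings(env: Optional[Mapping[str, str]] = None) -> Settings:
    """Read configuration from environment variables (os.environ by default).

    Fails closed: if any required variable is missing or blank, raise instead
    of silently falling back to a hard-coded default.
    """
    env = os.environ if env is None else env
    missing = [name for name in REQUIRED_VARS if not env.get(name, "").strip()]
    if missing:
        raise MissingSecretError(
            "missing required environment variables: " + ", ".join(missing)
        )
    return Settings(
        api_key=env["CHATSPATIAL_API_KEY"].strip(),
        db_url=env["CHATSPATIAL_DB_URL"].strip(),
    )


def safe_error_message(exc: BaseException, settings: Optional[Settings] = None) -> str:
    """Build an error string for a client that never contains secret values.

    Drivers and HTTP clients often echo the connection string or token into
    their exception text; scrub it before the message leaves the process.
    """
    text = f"{type(exc).__name__}: {exc}"
    if settings is not None:
        for secret in settings.secret_values():
            text = text.replace(secret, "[REDACTED]")
    return text


if __name__ == "__main__":
    # Constructed sample environment for a stand-alone run.
    sample_env = {
        "CHATSPATIAL_API_KEY": "sk-test-abcd1234",
        "CHATSPATIAL_DB_URL": "postgres://chat:hunter2@db.internal:5432/spatial",
    }
    cfg = load_settings(sample_env)
    print(cfg.redacted())
    err = ConnectionError("could not connect using " + sample_env["CHATSPATIAL_DB_URL"])
    print(safe_error_message(err, cfg))
```

The loader takes an explicit mapping so it can be unit-tested without mutating `os.environ`; in production it is called with no argument. Scrubbing by literal substring replacement is deliberately simple and therefore only as good as the list in `secret_values()`, which is why every new secret added to `Settings` must also be added there.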

Security Features

ChatSpatial includes several security features:

  • Input validation and sanitization
  • Secure handling of file uploads and data processing
  • MCP protocol compliance with security best practices
  • Error handling that doesn't expose sensitive information

Contributing to Security

If you're contributing code to ChatSpatial, please:

  • Follow secure coding practices
  • Run security linters and tests
  • Be cautious with external dependencies
  • Document any security-related changes

Thank you for helping to keep ChatSpatial secure!

There aren’t any published security advisories