| Version | Supported |
|---|---|
| 0.6.x | Yes |
| < 0.6 | No |

If you discover a security vulnerability in Metaseed, please report it responsibly.
- Do not open a public issue for security vulnerabilities
- Email the maintainers directly or use GitHub's private vulnerability reporting
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
- Acknowledgment within 48 hours
- Status update within 7 days
- Fix timeline depends on severity

Security issues we are interested in:
- Remote code execution
- SQL injection / command injection
- Path traversal
- Authentication/authorization bypass
- Sensitive data exposure
- Cross-site scripting (XSS) in the web UI
- Denial of service (DoS) attacks
- Issues requiring physical access
- Social engineering attacks
- Issues in dependencies (report to upstream)

When deploying Metaseed:
- Run behind a reverse proxy in production
- Use HTTPS for all connections
- Keep dependencies updated
- Restrict file system access appropriately