Skip to content

Security: Genta-Technology/Kolosal

Security

SECURITY.md

Security Policy

Thank you for helping to keep Kolosal AI secure. This document outlines our security practices, reporting guidelines, and version support details.

Reporting a Vulnerability

If you discover a security vulnerability in Kolosal AI, please do not create a public issue. Instead, follow these steps:

  1. Send an Email:
    Report the vulnerability details confidentially to our security team at:
    rifky@genta.tech

  2. Include the Following Information:

    • A clear description of the vulnerability.
    • Steps to reproduce the issue.
    • Any relevant logs, screenshots, or code snippets.
    • Impact analysis (if known).
    • Your contact information for follow-up (optional).

  3. Response Commitment:
    We will acknowledge receipt of your report within 72 hours and work with you to verify and resolve the issue.
    Our goal is to release a security patch as quickly as possible after a confirmed vulnerability is reported.

Supported Versions

The current security support covers all releases from v0.1.0 through v0.1.4. We commit to addressing security vulnerabilities in these versions according to the following policy:

  • v0.1.4 (Current Version):
    This is our latest release. All reported security issues in this version will be prioritized and patched promptly.

  • v0.1.0 to v0.1.3:
    Although these earlier versions are superseded by v0.1.4, we encourage all users to upgrade. However, if you are using one of these versions and cannot upgrade immediately, please contact our security team. We will consider backporting fixes based on the severity of the vulnerability and the feasibility of patching older releases.

Additional Security Practices

  • Regular Audits:
    We periodically review our code and dependencies to address potential security risks.

  • Community Collaboration:
    We appreciate contributions from the community to help improve our security posture. If you have a suggestion or patch that enhances security, please follow our contribution guidelines.

  • Transparency:
    We commit to being transparent with our users about security updates and vulnerabilities. If a significant vulnerability is discovered, we will notify affected users promptly via our public channels.

Disclaimer

While we take every precaution to secure Kolosal AI, no software is completely immune to vulnerabilities. We encourage users to practice good security hygiene, such as running the application in a controlled environment and keeping systems updated.

Thank you for helping us keep Kolosal AI secure!

For any questions related to our security practices, please contact:
rifky@genta.tech

There aren’t any published security advisories