| Version | Supported |
|---|---|
| latest | ✅ |
If you discover a security vulnerability in zeroshot, please report it responsibly:
- Do NOT open a public GitHub issue for security vulnerabilities
- Email the maintainers directly at: security@covibes.io
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
- Initial response: Within 48 hours
- Status update: Within 7 days
- Fix timeline: Depends on severity, typically within 30 days for critical issues
This policy applies to:
- The zeroshot CLI tool
- Agent execution and isolation mechanisms
- Message bus and ledger components
- Docker container configurations
- Issues in Claude Code CLI itself (report to Anthropic)
- Issues in dependencies (report to respective maintainers)
- Social engineering attacks
Thank you for helping keep zeroshot secure!