The latest released version of each ZSky AI open-source project is the supported version. Older versions may receive critical security fixes at our discretion.
If you discover a security vulnerability in any ZSky AI repository, please report it privately.
- Email: marketing@zsky.ai
- Subject: "Security report: "
- Please include:
- A description of the issue
- Steps to reproduce
- The affected version or commit hash
- Your assessment of impact, if you have one
We aim to acknowledge new reports within 48 hours and to issue a fix or mitigation as fast as is reasonable for the severity of the issue.
Please do not file public GitHub issues for security problems. Do not disclose the issue publicly until we have shipped a fix or 90 days have passed, whichever comes first.
This policy covers code in this repository. The hosted ZSky AI platform at https://zsky.ai is in scope for bug reports submitted in good faith. Automated scans, denial-of-service tests, and social-engineering attempts against ZSky AI staff or customers are out of scope.
We are happy to credit reporters who follow this process in the project changelog or release notes, with the reporter's permission.