Philterd takes the security of our software seriously. This policy applies to all public repositories under the Philterd organization. We appreciate the efforts of security researchers and the broader community in helping us keep our projects and their users safe.
Please do not report security vulnerabilities through public GitHub issues, pull requests, or discussions.
Instead, report them privately through one of the following channels:
- Email: security@philterd.ai
- GitHub: Use the "Report a vulnerability" button under the Security tab of the affected repository to open a private security advisory.
If you would like to encrypt sensitive information, mention this in your initial email and we will arrange a secure channel.
Please include enough detail for us to reproduce and assess the issue, such as the affected repository and version, the type of vulnerability, its potential impact, and step-by-step reproduction instructions.
When you report a vulnerability through the channels above, you can expect us to:
- Acknowledge your report within 3 business days.
- Provide an initial assessment and triage within 10 business days.
- Keep you informed of our progress as we work toward a fix.
- Notify you when the vulnerability has been resolved.
- Credit you for the discovery once the issue is resolved, if you wish to be acknowledged.
We ask that you give us a reasonable amount of time to investigate and address the issue before any public disclosure, and that you make a good-faith effort to avoid privacy violations, data destruction, and service interruption while researching.
Unless a repository's README or release notes state otherwise, security fixes are applied to the latest released version on the default branch. We strongly recommend running the most recent release to receive security updates. Where a project maintains multiple release lines, the supported versions are documented in that repository.
This policy covers the source code in Philterd's public repositories. Issues in third-party dependencies should be reported to the respective upstream projects, though we welcome a heads-up so we can update or mitigate on our side.
Thank you for helping keep Philterd and our users safe.