We actively support security updates for the following versions:
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
If you discover a security vulnerability, please report it responsibly by following these steps:
Please do not report security vulnerabilities through public GitHub issues.
Instead, please use GitHub's private vulnerability reporting:
- GitHub: Report a vulnerability
- Subject: "Security Vulnerability Report - MLOps Studio"
Please include the following information in your report:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Suggested fix (if available)
- Your contact information
- Initial Response: Within 48 hours
- Status Updates: Every 72 hours until resolved
- Resolution Target: 30 days for critical issues, 90 days for others
We follow responsible disclosure practices:
- We will acknowledge receipt of your report
- We will investigate and validate the vulnerability
- We will develop and test a fix
- We will coordinate the release of the fix
- We will publicly acknowledge your contribution (with your permission)
This application runs entirely in the browser and:
- Does not collect or transmit personal data
- Stores configurations locally in browser storage
- Does not require user authentication
- Does not make external API calls with sensitive data
We regularly:
- Update dependencies to latest secure versions
- Run security audits with `npm audit`
- Monitor security advisories for our dependencies
If you find security issues in our dependencies, please:
- Report to the upstream project first
- Notify us so we can track and update when fixes are available
- Never commit sensitive information (API keys, passwords, etc.)
- Use environment variables for configuration
- Follow secure coding practices
- Keep dependencies up to date
- Run security linters and audits
Thank you for helping keep MLOps Studio secure!