| Version | Supported |
|---|---|
Latest (main) |
✅ |
| Older releases | ❌ — please upgrade |
Please do not report security vulnerabilities through public GitHub Issues.
To report a security issue responsibly:
- Open a GitHub Security Advisory (preferred — keeps the report private until patched).
- Alternatively, email the maintainers directly via the contact listed on the GitHub profile.
Please include:
- A description of the vulnerability and its potential impact
- Steps to reproduce or a proof-of-concept (if safe to share)
- Affected versions or files
- Any suggested fix (optional but appreciated)
- Acknowledgement within 5 business days.
- Status update (confirmed / not reproducible / out of scope) within 14 days.
- Patch and public disclosure coordinated with the reporter, typically within 90 days of confirmation.
We follow the GitHub coordinated disclosure guidelines.
- Never commit real credentials to your repository. Use
dmtools.env(already in.gitignore). - Rotate any credentials that may have been accidentally exposed immediately.
- Run DMTools with the minimum required permissions for each integration.
- Keep your DMTools installation up to date:
curl -fsSL https://github.com/epam/dm.ai/releases/latest/download/install.sh | bash