Please do not report security vulnerabilities through public GitHub issues.
Instead, report them via:
- Email: security@tfp-protocol.org (preferred)
- GitHub Security Advisory: Report a vulnerability
We aim to respond within 48 hours and will work with you to understand and fix the issue promptly.
| Version | Supported |
|---|---|
| 3.1.x | ✅ Active support |
| 3.0.x | |
| < 3.0 | ❌ End of life |
See tfp-foundation-protocol/docs/SECURITY.md for:
- Verified security properties
- Known limitations
- Threat model
- Security validation checklist
We credit security researchers who responsibly disclose vulnerabilities in our release notes (unless they prefer to remain anonymous).
Last updated: April 2026