| Version | Supported |
|---|---|
| 0.1.x | ✅ |

If you discover a security vulnerability in agent-memory, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Email: darshjme@gmail.com
Subject: [SECURITY] agent-memory - Brief description
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgement: Within 48 hours
- Status update: Within 7 days
- Resolution: Within 30 days for critical issues

This policy covers the agent-memory Python package and its direct dependencies.

When using agent-memory in production:
- Pin to specific versions in requirements.txt
- Review changelogs before upgrading
- Run in isolated environments (containers/virtualenvs)
- Never pass untrusted user input directly to LLM agent parameters without validation

We appreciate responsible disclosure and will acknowledge security researchers in release notes.