| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.

- Do not open a public GitHub issue for security vulnerabilities
- Use GitHub's private vulnerability reporting to submit your report
- Include as much detail as possible:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
- Initial Response: Within 48 hours
- Status Update: Within 5 business days
- Resolution Timeline: Depends on severity, typically 30-90 days
- We will acknowledge your report within 48 hours
- We will work with you to understand and validate the issue
- We will keep you informed about our progress
- We will credit you (unless you prefer anonymity) when we publish the fix
When using Fig:
- Configuration Files: Fig manages Claude Code configuration files which may contain sensitive information like API keys and tokens. Ensure these files have appropriate permissions.
- MCP Servers: Be cautious when configuring MCP servers, especially those from untrusted sources.
- Backups: Fig creates automatic backups of configuration files. Ensure backup directories have appropriate access controls.

- Automatic backups before file modifications
- No network requests except when explicitly configured
- All data stored locally on your machine
- No telemetry or analytics