| Version | Supported |
|---|---|
| 0.0.x | ✅ |

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.

- Do NOT open a public GitHub issue for security vulnerabilities
- Email your findings to security@similigh.com
- Include as much detail as possible:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
- Acknowledgment: We will acknowledge receipt within 48 hours
- Assessment: We will assess the vulnerability and determine its severity
- Updates: We will keep you informed of our progress
- Resolution: We aim to resolve critical issues within 7 days
- Credit: We will credit you in the release notes (unless you prefer anonymity)

This security policy applies to:

- The Simili-bot CLI
- The Simili-bot GitHub Action
- Official documentation

The following are out of scope:

- Third-party dependencies (report to their maintainers)
- Self-hosted Qdrant instances
- User-configured API keys or tokens

When using Simili:

- Rotate API keys regularly
- Use GitHub Secrets for storing credentials
- Limit token permissions to the minimum required
- Review transfer rules before enabling cross-repo transfers

Thank you for helping keep Simili secure! 🔒