We are committed to ensuring the security of the eval-protocol library. Security updates and patches will typically be applied to the latest released version. Please ensure you are using a recent version to benefit from the latest security fixes.

(This table should be updated as new major/minor versions are released)

The eval-protocol team and community take all security vulnerabilities seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

To report a security vulnerability, please do not create a public GitHub issue. Instead, send an email to the following address:

[email protected]

Please include the following details in your report:

• A clear description of the vulnerability.
• Steps to reproduce the vulnerability, including any specific configurations or sample code.
• The version(s) of eval-protocol affected.
• Potential impact of the vulnerability.
• Any suggested mitigations or fixes, if you have them.

We will endeavor to acknowledge receipt of your vulnerability report within 48 hours and provide an initial assessment or request for more information. We aim to address critical vulnerabilities promptly.

We kindly ask that you do not disclose the vulnerability publicly until we have had a chance to investigate and address it. We will coordinate with you on the public disclosure once a fix is available.

Thank you for helping keep eval-protocol secure.