| Version | Supported |
|---|---|
| 0.x.x | ✅ |

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them via email to: security@langchain.dev
Include the following information in your report:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Any suggested fixes (optional)

After you submit a report:
- Acknowledgment: We will acknowledge receipt of your report within 48 hours.
- Updates: We will provide updates on the status of your report as we investigate.
- Resolution: Once the vulnerability is confirmed, we will work on a fix and coordinate disclosure with you.
- Credit: We will credit reporters in the release notes (unless you prefer to remain anonymous).
This security policy applies to:
- The openwork desktop application
- The openwork npm package
- This GitHub repository

The following are out of scope:
- Third-party dependencies (please report to the respective maintainers)
- LLM provider APIs (Anthropic, OpenAI, Google)
- Social engineering attacks
When using openwork:
- API Keys: Store API keys securely using environment variables rather than hardcoding them.
- Sensitive Data: Be cautious when giving agents access to directories containing sensitive information.
- Human-in-the-Loop: Use the approval system for sensitive operations.
- Updates: Keep openwork updated to receive security patches.