If you discover a security vulnerability in plexus-agent, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, email support@plexus.company with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Fix or mitigation: Depends on severity, but we aim for 30 days for critical issues
| Version | Supported |
|---|---|
| 0.9.x | Yes |
| < 0.9 | No |
We follow coordinated disclosure. We ask that you give us reasonable time to address the issue before making it public. We will credit reporters in the release notes unless they prefer to remain anonymous.