Use this section to tell people about which versions of your project are currently being supported with security updates.
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
We take the security of Teko seriously. If you believe you've found a security vulnerability, please follow these steps:
- Do not disclose the vulnerability publicly
- Email the security team at security@example.com with details about the vulnerability
- Include the following information:
- Type of issue
- Full paths of source file(s) related to the issue
- Location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit the issue
- We will acknowledge receipt of your vulnerability report within 3 business days
- We will provide a more detailed response within 10 business days
- We will work with you to understand and resolve the issue
- Once the issue is resolved, we will post a security advisory to the repository
- All API keys are stored securely using Laravel's environment variables
- Production keys are never committed to the repository
- API keys have limited scopes and permissions
- Role-based access control using Laravel Entrust
- Regular permission audits
- Secure authentication via Laravel Socialite
- Dependencies are regularly updated to patch security vulnerabilities
- Automated security scanning is performed on all pull requests
- Weekly security scans are performed on the main branch
- All sensitive data is encrypted at rest and in transit
- Regular backups are performed
- Access to production data is strictly controlled
- LangChain and AI agent operations are sandboxed
- Input validation and sanitization for all AI interactions
- Secure storage of AI model access tokens
- Rate limiting for AI operations
- Monitoring for unusual behavior or requests
We would like to thank all security researchers who have helped improve the security of Teko.