Security Policy
We take the security of RAGAS seriously. If you discover a security vulnerability in this project, please report it to us privately. **Do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**
Loading actions...
Skill content
Main instructions and any bundled files for this skill.
Security Policy
Reporting Security Issues
We take the security of RAGAS seriously. If you discover a security vulnerability in this project, please report it to us privately. Do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
To report a vulnerability, please email us at [email protected]. While not all details are mandatory, providing as much information as possible will assist us in effectively triaging and addressing the issue. Please include:
- Type of Issue: (e.g., buffer overflow, SQL injection, cross-site scripting)
- Affected Versions: List the versions of RAGAS impacted by this vulnerability.
- Affected Files: Full paths of source files related to the issue.
- Location in Code: The location of the affected source code (tag/branch/commit or direct URL).
- Configuration Details: Any special configuration required to reproduce the issue.
- Environment: (e.g., Linux / Windows / macOS)
- Reproduction Steps: Step-by-step instructions to reproduce the issue.
- Proof-of-Concept or Exploit Code: (if possible)
- Impact Assessment: Description of the issue's impact and how an attacker might exploit it.
- Mitigation Suggestions: If possible, offer suggestions or patches to mitigate the issue.
This information will help us triage and address your report more quickly.
Supported Versions
The following versions of RAGAS are currently being supported with security updates.
| Version | Supported |
|---|---|
| 0.3.x | :white_check_mark: |
| 0.2.x | :x: |
| 0.1.x | :x: |
| < 0.1.x | :x: |
Security Update Policy
Upon receiving a security report, we will:
- Acknowledge receipt within 48 hours.
- Investigate and verify the issue.
- Develop a fix and prepare a release.
- Coordinate with the reporter to validate the fix.
- Release the fix and update all affected parties.
We aim to address critical issues within 7 days of disclosure.
Preferred Languages
We prefer all communications to be in English.
Policy
We follow the principle of Coordinated Vulnerability Disclosure.
Acknowledgments
We appreciate the efforts of security researchers and users who report vulnerabilities to us. Your contributions help improve the security of RAGAS.
References
For more information on security reporting and policies, you may refer to:
- GitHub's Guide to Reporting Security Vulnerabilities
- Open Source Security Foundation (OpenSSF) Best Practices
This policy is subject to change without notice. Please refer to the latest version in our repository.
Related Skills
Frontend Typescript Linting.mdc
TypeScript and ESLint rules that MUST be followed when creating, modifying, or reviewing any file under apps/frontend/, including .ts, .tsx, .js, and .jsx files. Also apply when discussing frontend li...
2. Apply Deepthink Protocol (reason about dependencies
risks