We provide security updates for the following versions:
| Version | Supported |
|---|---|
| Latest | ✅ |
If you discover a security vulnerability, please report it through one of the following channels:
- GitHub Security Advisories: Use the "Report a vulnerability" button in the Security tab of this repository
- Email: Contact the maintainers directly (preferred for critical issues)
We take security issues seriously and will respond promptly.
Please do not report security vulnerabilities through public GitHub issues.
- A description of the vulnerability
- Steps to reproduce or proof-of-concept
- Potential impact
- Suggested fix (if any)
- Acknowledgment within 48 hours
- Regular updates on our progress
- Credit for responsible disclosure (if desired)
When using Swama:
- Keep your installation up to date
- Be cautious when downloading models from untrusted sources
- Monitor system resources when running large models
- Use appropriate network security when running the API server
This security policy applies to:
- The main Swama application
- SwamaKit framework
- CLI tools
- Official documentation and examples
Third-party dependencies are covered by their respective security policies.