Security

SECURITY.md

Security Policy

We take vulnerabilities seriously.

How to report

Use GitHub Security Advisories (private vulnerability reporting) for security reports.

Do not publish exploitable details in public issues.

What to include in the report

affected component;
potential impact;
reproduction steps;
version/commit used;
mitigation suggestion (if any).

Response window (best effort)

Initial screening: up to 5 business days.
Correction plan: up to 15 business days for valid cases.

No SLA on Community edition.

Scope of this policy

AMP Community repository.
Does not cover third-party local customizations.

There aren’t any published security advisories