| Version | Supported |
|---|---|
| 1.0.x | Yes |
| < 1.0 | No |
If you discover a security vulnerability in StackMemory, please report it responsibly.
Email: hello@stackmemory.ai
What to include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
Response timeline:
- Acknowledgment within 48 hours
- Status update within 7 days
- Fix timeline communicated within 14 days
Please do NOT:
- Open a public GitHub issue for security vulnerabilities
- Exploit the vulnerability beyond what is needed to demonstrate it
- Share the vulnerability with others before it is resolved
The following are in scope:
- StackMemory CLI and daemon
- MCP server integration
- Database storage (SQLite adapter)
- Authentication and credential handling
Out of scope:
- Third-party dependencies (report to their maintainers)
- Issues in user-provided configuration files