| Version | Supported |
|---|---|
| 0.1.x (pre-release) | Yes |
| < 0.1.0 | No |
ModelDock is in early (pre-1.0) development. The latest published version receives security fixes.
If you discover a security vulnerability within ModelDock, please report it privately. Do NOT report security vulnerabilities through public GitHub issues.
Send an email to opensource@openagenthq.com with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Your contact information
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 1 week
- Fix Released: Within 30 days (for critical issues)
- We acknowledge receipt of your report.
- We confirm the vulnerability and determine its impact.
- We develop and test a fix.
- We release the fix and update the changelog.
- We publicly disclose the vulnerability after the fix is released.
- Keep ModelDock and its dependencies up to date (
pip install -U modeldock). - Use environment variables for any secrets; never hardcode them.
- Download models only from trusted runtimes/registries.
- Review the bundled
catalog.jsonand any remote registry sources.
- Follow secure coding practices; validate input at boundaries.
- Never commit secrets or
.envfiles (see.gitignore). - Raise typed
ModelDockErrorsubclasses — never swallow errors silently. - Run
bandit -r srcas part of local checks.
For security-related questions or concerns, contact:
- Email: opensource@openagenthq.com
We thank the researchers who responsibly disclose vulnerabilities to keep ModelDock and its users safe.