| Version | Supported |
|---|---|
| 0.3.x | ✅ |
| < 0.3 | ❌ |
We take the security of M-flow seriously. If you discover a security vulnerability, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, please use one of the following methods:
-
GitHub Security Advisories (preferred): Navigate to the Security tab of this repository and click "Report a vulnerability."
-
Email: Send a detailed report to contact@xinliuyuansu.com.
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 5 business days
- Resolution target: Within 30 days for critical issues
The following are in scope:
- M-flow backend (
m_flow/) - M-flow frontend (
m_flow-frontend/) - M-flow MCP server (
m_flow-mcp/) - Official Docker images
- Dependencies with known CVEs affecting M-flow
We appreciate responsible disclosure. Contributors who report valid security issues will be acknowledged in the release notes (unless they prefer to remain anonymous).