Do not open public issues for security vulnerabilities.
Please report vulnerabilities privately to: security@zaber-dev.dev
Include:
- affected version
- reproduction steps
- potential impact
- suggested mitigation if available
- acknowledgment: within 48 hours
- triage: within 5 business days
- fix timeline: based on severity and impact
| Version | Supported |
|---|---|
| 0.1.x | Yes |
| <0.1.0 | No |
- Never hardcode API keys.
- Use environment variables for provider credentials.
- Avoid storing sensitive prompt data in plaintext logs.
- Review custom evaluators before production use.