We actively support the following versions with security updates:

| Version | Supported | Status |
|---|---|---|
| 0.15.x | ✅ | Latest stable |
| 0.14.x | ❌ | End of life |
| < 0.14 | ❌ | End of life |

If you discover a security vulnerability in JsonAI, please report it to us as follows:

- Email: [email protected]
- Response Time: We will acknowledge receipt within 48 hours
- Updates: We'll provide regular updates on our progress

Please include the following in your report:

- Description of the vulnerability
- Steps to reproduce
- Potential impact assessment
- Any suggested fixes (optional)

Once a report is received, we handle it as follows:

- Acknowledgment: We'll confirm receipt within 48 hours
- Investigation: We'll investigate and validate the report
- Fix Development: We'll develop and test a fix
- Disclosure: We'll coordinate disclosure with you
- Release: We'll release the fix and security advisory

Security recommendations for deployments that use JsonAI:

- Never commit API keys to version control
- Use environment variables for sensitive configuration
- Rotate keys regularly
- JsonAI processes user-provided schemas and prompts
- Generated data may contain sensitive information
- Implement proper access controls in production deployments
- Use HTTPS for API communications
- Implement rate limiting
- Validate all inputs to prevent injection attacks
- Be aware of potential biases in LLM outputs
- Validate generated data against your schemas
- Monitor for unexpected or malicious outputs

JsonAI is committed to responsible AI development:

- Transparency in model usage and limitations
- Bias detection and mitigation
- Privacy-preserving data handling
- Ethical use guidelines