The MemMachine team takes the security of our project and its users very seriously. We appreciate the efforts of security researchers and others who work to responsibly disclose vulnerabilities.

We have enabled GitHub's private vulnerability reporting feature for this repository. This is the preferred method for reporting security vulnerabilities.

Please DO NOT create a public GitHub issue. Publicly disclosing a vulnerability may put the community at risk.

To report a vulnerability, please visit the Security tab of our repository and click on "Report a privately reported vulnerability". We will acknowledge your report within 2 business days and work with you to understand the issue and coordinate a resolution.

To help us more effectively and quickly address the vulnerability, please include the following information in your report:

• Description: A clear and concise description of the vulnerability.
• Steps to Reproduce: A minimal, reproducible code snippet or steps that can be used to demonstrate the vulnerability.
• Environment: The operating system, library version, and any other relevant details.
• Expected Behavior: A description of what you expected to happen without the vulnerability.

We are committed to providing security updates for the latest stable version of MemMachine.

• Latest Major Version (e.g., v1.x.y): We will provide security patches and fixes for any security vulnerabilities in this version.
• Previous Major Versions: We will not provide security patches for older versions. Please upgrade to the latest version to ensure you are protected.

We believe in coordinated, responsible disclosure. Once a vulnerability is reported, we will work to validate and fix the issue. We will then announce the vulnerability and the fix in a public GitHub Security Advisory, giving credit to the reporter unless they wish to remain anonymous. We ask that reporters do not disclose the vulnerability publicly until we have released a fix.