We value the work of security researchers who help keep our users safe. To responsibly and confidentially disclose vulnerabilities in any of our code, email a report to [email protected] or use the form at hash.ai/contact - please do not open a public thread, Issue or Discussion on this GitHub repository containing any security-related reports as this may put users at risk.
We maintain a bug bounty program that rewards security researchers who responsibly disclose vulnerabilities contained within certain HASH-authored code, including some of that which has been made available in this repository. More information can be found at hash.ai/security
Please note: vulnerabilities in our public repositories that stem from contributions authored by users outside of the hashintel
GitHub organization are not guaranteed to be covered by this program.
Security updates are only published for the latest minor version of each of our packages. We have no expectation of beginning to publish security patches for older versions of our packages in the near future.
If you are an enterprise customer with specific security requirements you can contact us via the HASH website or email [email protected]
You can read more about our approach to security, privacy, confidentiality, data integrity and availability on our website at hash.ai/security