AutoGluon RAG actively supports the last two minor versions of the latest major release.
AutoGluon RAG employs automated tools for security scanning:
- Dependency Analysis: We use GitHub's Dependabot to automatically detect and update vulnerable dependencies.
- Code Scanning: We utilize GitHub's CodeQL for static code analysis to identify potential security issues.
If you discover a security vulnerability in AutoGluon RAG, please report it by emailing autogluon-security@amazon.com. This email is directly monitored by the AutoGluon security maintenance team.
Do not report security vulnerabilities through public GitHub issues.
Please include the following information in your report:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Affected versions
- Any potential impacts of the vulnerability
Upon receiving a security vulnerability report:
- Our team will investigate and validate the reported vulnerability.
- We will work privately on developing and testing a fix.
- Once ready, we will release a dedicated security patch as swiftly as the complexity of the issue allows.
- We will publicly disclose the vulnerability after the patch is released, giving credit to the reporter if desired.
We appreciate your efforts in responsibly disclosing your findings and contributing to the security of AutoGluon RAG.
We strongly recommend keeping your AutoGluon RAG installation up-to-date with the latest releases to ensure you have all security patches.
For more information about security practices in AutoGluon projects, please refer to the AutoGluon Security Policy.