Skip to content

Security: Anandb71/arbor

Security

SECURITY.md

Security Policy

Supported Versions

Version Supported
0.1.x

Reporting a Vulnerability

We take security seriously. If you discover a security vulnerability in Arbor, please report it responsibly.

How to Report

  1. Do NOT open a public GitHub issue for security vulnerabilities
  2. Email security concerns to: anandbiju71@gmail.com
  3. Include:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if any)

What to Expect

  • Response time: Within 48 hours
  • Fix timeline: Critical issues within 7 days, others within 30 days
  • Disclosure: Coordinated disclosure after fix is released

Scope

The following are in scope:

  • Arbor CLI (arbor-cli)
  • Arbor MCP Bridge (arbor-mcp)
  • Arbor Server (arbor-server)
  • Visualizer (Flutter desktop app)

Out of scope:

  • Third-party dependencies (report to upstream)
  • Issues requiring physical access

Security Best Practices

When using Arbor:

  • Keep your Arbor installation updated
  • Don't expose the WebSocket server (port 7433) to the public internet
  • Review the graph data before sharing .arbor/ directories

Thank you for helping keep Arbor secure!

There aren’t any published security advisories