| Version | Supported |
|---|---|
| latest | Yes |
| < latest | No |
If you discover a security vulnerability, please report it responsibly:
- Do NOT open a public issue
- Email n24q02m@gmail.com with details
- Include steps to reproduce if possible
- Allow reasonable time for a fix before disclosure
- Dependencies are regularly updated via Renovate
- All code changes require review before merging
- CodeQL analysis runs on every push
- No secrets are hardcoded in the repository
- Modal workers use per-app API keys (
<APP>_WORKER_API_KEY) for endpoint authentication, providing credential isolation per consumer app - Key comparison uses
hmac.compare_digestto prevent timing attacks - LiteLLM virtual keys provide additional per-app credential isolation at the proxy layer