We actively support the following versions of LegacyEvolve Protocol (LEP) with security updates:

| Version | Supported |
|---|---|
| 2.1.x | ✅ |
| 2.0.x | ✅ |
| < 2.0 | ❌ |

We take security seriously. If you discover a security vulnerability in LegacyEvolve or MACP, please report it responsibly.
- Do NOT open a public GitHub issue for security vulnerabilities
- Email us directly at: creator35lwb@gmail.com
- Use GitHub Security Advisories (preferred): Report a vulnerability
Please provide as much information as possible:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact (e.g., data exposure, privilege escalation)
- Affected versions (if known)
- Suggested fix (if you have one)
- Your contact information for follow-up
- Acknowledgment: Within 48 hours
- Initial assessment: Within 7 days
- Fix timeline: Depends on severity
  - Critical: 1-7 days
  - High: 7-30 days
  - Medium: 30-90 days
  - Low: 90+ days or next release
- We follow coordinated disclosure principles
- We will work with you to understand and fix the issue
- We will credit you in the security advisory (unless you prefer to remain anonymous)
- We will publish a security advisory once a fix is available
- Please allow us 90 days to fix the issue before public disclosure
- Security fixes are released as patch versions (e.g., 2.1.1)
- Critical security updates may be backported to older supported versions
- We will publish a GitHub Security Advisory for all security issues
- We will update this SECURITY.md file with known vulnerabilities
When using LegacyEvolve Protocol:
- Keep dependencies updated - Use Dependabot or similar tools
- Use virtual environments - Isolate LEP from other Python packages
- Validate inputs - Never trust data from legacy systems without validation
- Use TLS 1.3+ - Ensure secure communication between AI agents and legacy systems
- Audit adapter code - Review custom adapters for security issues
- Follow least privilege - Grant minimal permissions to LEP processes
- Monitor logs - Watch for suspicious activity in LEP logs
No known vulnerabilities are currently reported.
We will update this section if vulnerabilities are discovered.
We use the following tools to scan for vulnerabilities:
- Dependabot - Dependency vulnerability scanning
- CodeQL - Semantic code analysis
- Bandit - Python security linting
- Safety - Python dependency security checks
All scans run automatically on every push and pull request.
- Email: creator35lwb@gmail.com
- GitHub Security Advisories: Report a vulnerability
- Project Lead: Alton Lee (creator35lwb-web)
- CTO: L (GODEL) - AI Agent
We thank the following security researchers for responsibly disclosing vulnerabilities:
(None yet - be the first!)
Thank you for helping keep LegacyEvolve and MACP secure!
This security policy is part of our commitment to building a safe and trustworthy Digital Public Good.