Promptfoo is currently in active pre-1.0 development (version 0.x.x). Only the latest release of Promptfoo receives security updates. Earlier releases are not supported. We strongly recommend updating regularly to the most recent version.
| Version | Supported |
|---|---|
| Latest 0.x.x | ✅ Supported |
| < Latest 0.x.x | ❌ Unsupported |
If you've discovered a security vulnerability in Promptfoo, please do not report it publicly.
Instead, please follow our Responsible Disclosure Policy to report issues securely and privately. You'll find instructions on how to provide the necessary information, our process for handling vulnerabilities, and our commitment to timely responses.
For a detailed definition of vulnerabilities within scope and issues we do not consider security-related, please refer to our Responsible Disclosure Policy.
We greatly appreciate researchers who responsibly disclose vulnerabilities. With your consent, we will acknowledge your contributions publicly in our release notes, changelog, or security announcements.
Thank you for helping to secure Promptfoo!