We take the security of CoDRAG seriously. If you discover a security vulnerability, please report it to us immediately.
Do NOT file public GitHub issues for security vulnerabilities.
Please email security@codrag.io with a description of the issue, steps to reproduce, and any proof-of-concept code.
- Acknowledgment: We will acknowledge receipt of your report within 24 hours.
- Assessment: We will assess the impact and severity within 3 business days.
- Resolution: We aim to release a fix for critical vulnerabilities within 7 days.
We provide security updates for the latest major release of the CoDRAG Desktop Application and the CoDRAG MCP Server.
| Version | Supported | Notes |
|---|---|---|
| Latest Release | ✅ | Always upgrade to the latest version for security fixes. |
| < Latest | ❌ | Older versions are not actively patched. |
All official releases of CoDRAG are signed.
- macOS: Signed with our Apple Developer ID and notarized by Apple.
- Windows: Signed with our EV Code Signing Certificate.
Do not run CoDRAG binaries that fail signature verification or originate from untrusted sources.