We take the security of Humanizer seriously. If you believe you've found a security vulnerability, please follow these guidelines:
Preferred Method: Use GitHub's private vulnerability reporting feature:
- Go to the Security tab
- Click "Report a vulnerability"
- Provide details about the vulnerability
Alternative Method: If you cannot use GitHub's feature, you may create an issue with the [security] label prefix, but note that this will be publicly visible.
Please provide as much information as possible:
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Potential impact
- Any suggested fixes (optional)
- Initial Response: Within 48 hours
- Status Update: Within 5 business days
- Resolution Target: Depends on severity (see below)

| Severity | Response Time | Resolution Target |
|---|---|---|
| Critical | 24 hours | 7 days |
| High | 48 hours | 14 days |
| Medium | 5 days | 30 days |
| Low | 10 days | Next release |

- Acknowledgment: We'll confirm receipt of your report within 48 hours
- Assessment: Our team will evaluate the vulnerability and determine severity
- Communication: We'll keep you informed of our progress
- Resolution: Once fixed, we'll notify you and optionally credit you (with your permission)

| Version | Supported |
|---|---|
| 2.3.x | ✅ Yes |
| 2.2.x | ✅ Yes |
| < 2.2 | ❌ No |

While we work to keep Humanizer secure, please also follow these best practices:
- Keep Updated: Always use the latest version
- Review Permissions: Only grant necessary tool access
- Validate Input: Be cautious with untrusted text input
- Report Issues: Don't hesitate to report potential vulnerabilities
We welcome responsible security research. If you're conducting security research on Humanizer:
- Please coordinate with us first
- Avoid testing on production systems
- Respect user privacy and data
Last Updated: 2026-03-03
Contact: For security questions, please use the vulnerability reporting system above.