We take security seriously and appreciate the efforts of security researchers to improve the security of our codebase. If you discover a security vulnerability within our project, please follow these guidelines to report it to us:
Note: Report sensitive vulnerability details only via the GitHub Security Advisory system. Every other communication channel is public and should be used only to make first contact and to set up a private communication channel.
- Option 1: GitHub Security Advisory System: We encourage you to use GitHub's Security Advisory system to report any security vulnerabilities you find. This allows us to receive vulnerability reports directly through GitHub. You can find more information on how to submit a security advisory report in the GitHub Security Advisories documentation.
- Option 2: GitHub Issues: You can initiate first contact via GitHub Issues. Please note that initial contact through GitHub Issues should not include any sensitive details.
- Option 3: Discord Server: You can join our Discord community and initiate first contact in the #issues channel. Please note that initial contact through Discord should not include any sensitive details.
After initial contact, we will establish a private communication channel for further discussion.
Please include the following in your report:
- A clear description of the vulnerability, including steps to reproduce it
- The version(s) of the project affected by the vulnerability
- Any additional information that may be useful for understanding and addressing the issue

We will make every effort to acknowledge your report within 72 hours and keep you informed of its progress towards resolution.
We are committed to maintaining the security of our open-source project named ChatGPT-Clone and promptly addressing any identified vulnerabilities. To ensure the security of our project, we follow these practices:
- We prioritize security updates for the current major release of our software.
- We actively monitor the GitHub Security Advisory system and the #issues channel on Discord for any vulnerability reports.
- We promptly review and validate reported vulnerabilities and take appropriate actions to address them.
- We release security patches and updates in a timely manner to mitigate any identified vulnerabilities.
Please note that as a security-conscious community, we may not always disclose detailed information about security issues until we have determined that doing so would not put our users or the project at risk. We appreciate your understanding and cooperation in these matters.
This security policy applies to the following GitHub repository:
- Repository: ChatGPT-Clone
If you have any questions or concerns regarding the security of our project, please join our Discord community and report them in the appropriate channel. You can also reach out to us by opening an issue on GitHub. Please note that the response time may vary depending on the nature and severity of the inquiry.
We would like to express our gratitude to the security researchers and community members who help us improve the security of our project. Your contributions are invaluable, and we sincerely appreciate your efforts.
We do not currently have a bug bounty program in place. However, we welcome and appreciate any security-related contributions through pull requests (PRs) that address vulnerabilities in our codebase. We believe in the power of collaboration to improve the security of our project and invite you to join us in making it more robust.