| Version | Supported |
|---|---|
| 1.0.x | Yes |

If you discover a security vulnerability in NeuronDB, please report it by emailing:

Please include the following in your report:

- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

Once we receive your report:

- We aim to acknowledge receipt within 48 hours
- We will investigate and provide an initial assessment within 7 days
- We will work with you to understand and resolve the issue

On disclosure:

- Please do not publicly disclose the vulnerability until we have released a fix
- We will credit you in the security advisory (unless you prefer to remain anonymous)
- We follow responsible disclosure practices

When using NeuronDB:

- Access Control: Use PostgreSQL role-based access control
- Encryption: Enable SSL/TLS for all connections
- Updates: Keep PostgreSQL and NeuronDB up to date
- Auditing: Enable query logging for sensitive operations
- Validation: Validate all user inputs before vector operations

Additional considerations:

- Vector encryption features are for demonstration; use PostgreSQL's native encryption for production
- HTTP/LLM integration requires secure credential management
- Shared memory buffers should be sized appropriately to prevent denial of service (DoS)

Thank you for helping keep NeuronDB secure!