If you discover a security vulnerability in Herald, please report it responsibly.
Email: security@kolapsis.com
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

Response timeline:
- Acknowledgment: within 48 hours
- Initial assessment: within 1 week
- Fix and disclosure: coordinated with reporter

In scope:
- Herald server (Go binary)
- OAuth 2.1 implementation
- MCP protocol handling
- SQLite storage
- Configuration parsing

Out of scope:
- Claude Code CLI vulnerabilities (report to Anthropic)
- Infrastructure misconfigurations
- Social engineering

| Version | Supported |
|---|---|
| Latest release | ✅ |
| Previous release | Security fixes only |
| Older | ❌ |