| Version | Supported |
|---|---|
| 2.3.x | ✅ |
| < 2.3 | ❌ |

We take the security of LittleAIBox seriously. If you believe you have found a security vulnerability, please report it privately.

Do not:
- Open a public GitHub issue
- Discuss in public channels

Email: diandiancha101@gmail.com

Subject: [SECURITY] - Brief description

Include:
- Type of vulnerability
- Affected files/paths
- Steps to reproduce
- Potential impact

Response timeline:
- Initial Response: Within 48 hours
- Assessment: Within 7 days
- Fix Timeline: Critical (24h) | High (7d) | Medium (30d) | Low (next release)

Security measures:
- Local Processing: All file parsing happens in your browser
- No Upload: Files never leave your device
- IndexedDB: Chat history stored locally
- API Key Isolation: User keys stored separately
- JWT Authentication: Secure token-based auth
- Password Hashing: Industry-standard bcrypt
- HTTPS Only: All communications encrypted
- Rate Limiting: DDoS protection
- API Key Rotation: Multi-key management with failover
- Cloudflare: DDoS protection & WAF
- CSP Headers: Content Security Policy
- No Logging: Minimal data collection
- Regular Audits: Security reviews

When using LittleAIBox:
- Use Your Own API Keys - Always use your own Gemini API keys
- Never Commit Keys - Keep API keys in environment variables
- Stay Updated - Regularly update to the latest version
- Strong Passwords - Use unique, strong passwords
- HTTPS Only - Always use HTTPS in production

Contact:
- Email: diandiancha101@gmail.com
- GitHub: @diandiancha

Last Updated: January 2025