See docs/TRUST.md for SHA-256 checksums (SHA256.txt) and VirusTotal guidance.
| Version | Supported |
|---|---|
| 1.5.x | ✅ |
| 1.1.x | ✅ |
| 1.0.x | ✅ |
Please do not open a public GitHub issue for security vulnerabilities.
Instead, report them privately by opening a GitHub Security Advisory (if enabled on the repository) or by contacting the maintainers through a private channel listed in the repository profile.
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We aim to acknowledge reports within 7 days.
OmniParse fetches user-supplied URLs server-side. Deployments should:
- Run the API on trusted networks or behind authentication for production use
- Restrict outbound network access if operating in sensitive environments
- Keep dependencies updated via
cargo update(infrontend/src-tauri) andnpm update(infrontend)