This security policy applies to all public projects under the langflow-ai organization on GitHub. We prioritize security and continuously work to safeguard our systems. However, vulnerabilities can still exist. If you identify a security issue, please report it to us so we can address it promptly.
- Fixes are released either as part of the next minor version (e.g., 1.3.0 → 1.4.0) or as an on-demand patch version (e.g., 1.3.0 → 1.3.1).
- Security fixes are given priority, and a security fix alone might be enough to trigger a new release.
Please do not report security vulnerabilities through public GitHub issues or GitHub security advisories. To report a vulnerability, submit a report on HackerOne. Include a clear description of the issue, steps to reproduce, the Langflow version, and any known or suggested mitigations. Our team aims to respond to all new vulnerability reports within 7 business days.