Security Policy

Bleu.js is committed to providing a secure and reliable platform for AI development. This security policy outlines our approach to security, vulnerability management, and support lifecycle.

Supported Versions

We provide security updates and support for the following versions:

Version    Supported    End of Support
4.x        Yes          May 2027
3.x        Yes          November 2025
1.1.x      Yes          December 2025

Current Version Support

We currently support Bleu.js versions 1.1.x, 3.x, and 4.x with active security updates and maintenance.

For the latest features and security improvements, we recommend upgrading to the latest version. See our upgrading guide for assistance.

Reporting a Vulnerability

We encourage responsible disclosure of security vulnerabilities in Bleu.js. To report a security issue, please follow these steps:

  1. Do not disclose the vulnerability publicly - This could put users at risk
  2. Email us directly at [email protected]
  3. Include detailed information about the vulnerability, including:
    • Description of the issue
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if available)
  4. Allow us time to respond - We typically respond within 24-48 hours

Security Measures

Input Validation

All user inputs are validated and sanitized to prevent injection attacks and data corruption.

Authentication

Secure authentication using Clerk with OAuth providers and proper session management.

Rate Limiting

Comprehensive rate limiting to prevent abuse and ensure fair usage across all plans.

Data Protection

Encryption in transit and at rest, with secure API key management and data handling.

Security Updates

We release security updates as soon as possible after discovering vulnerabilities. Updates are distributed through our normal release channels:

Bug Bounty Program

We offer a bug bounty program for security researchers who find and responsibly disclose vulnerabilities. See our Bug Bounty Program for details.

Important: If you discover a security vulnerability, please report it privately to [email protected] before disclosing it publicly.