Akasha is currently in early development. Security fixes are applied to the latest release only.
| Version | Supported |
|---|---|
| latest | ✓ |
| older | ✗ |
Please do not report security vulnerabilities through public GitHub issues.
If you discover a security vulnerability in Akasha, please report it privately. You can do this in one of two ways:
- GitHub private vulnerability reporting — use the Security tab in the repository to submit a private advisory
- Email — contact the maintainer directly at the email address listed on their GitHub profile
Please include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested mitigations if known
In response, you can expect:
- Acknowledgement of your report within 48 hours
- An assessment of severity and impact within 5 business days
- A fix timeline communicated as soon as one is determined
- Credit in the security advisory if you would like it
The following are in scope:
- The Akasha platform (`akasha-os/akasha`)
- The connector SDK (`akasha-os/connector-sdk`)
- The MCP server (`akasha-os/mcp`)
The following are out of scope:
- Third-party services and connectors not maintained by akasha-os
- Vulnerabilities in self-hosted infrastructure (your server, your Docker setup)
- Social engineering attacks
Akasha is designed to run on infrastructure you control. A few things to keep in mind:
- API keys — store your LLM provider keys only in `.env`, never commit them
- Network — do not expose Akasha ports (Neo4j, Qdrant, RabbitMQ, MinIO) directly to the internet
- Auth — Akasha does not currently include authentication. Run it on a private network or behind a VPN
- Backups — back up your Neo4j and PostgreSQL data regularly