Currently, only the latest minor version of outlier is supported with security updates.
| Version | Supported |
|---|---|
| 0.4.x | ✅ |
| < 0.4.0 | ❌ |
Outlier is designed as a Zero-Trust, Local-First framework. We consider any unintended external network request, data exfiltration, or telemetry leakage to be a critical P0 security vulnerability.
If you discover a vulnerability, please do NOT open a public issue. Instead, email the maintainers directly.
- Any code that sends
.githistory or~/.claudesession logs to an external server. - Any code execution vulnerabilities triggered by parsing the
Co-Authored-Bystrings in Git history. - Supply chain attacks or malicious dependencies introduced in
package.json.
We will respond within 48 hours and issue a patch immediately.