
Security: RossDmello2/visualdocqa-kit


SECURITY.md

Security Policy

Supported Versions

Only the latest main branch and the latest tagged release are supported for security fixes.

Reporting a Vulnerability

Do not open public issues containing private documents, API tokens, stack traces with secrets, or exploit details. If GitHub private vulnerability reporting is enabled on the repository, use that channel. Otherwise, open a minimal public issue that says a private security report is available and wait for maintainer contact before sharing details.

Security Notes

  • The API is intended for local use unless it is deployed behind a hardened gateway.
  • POST /query requires a bearer token from VISORAG_API_TOKEN.
  • Built-in demo token defaults and .env.example placeholders are for local development only.
  • CORS is permissive to preserve the notebook API behavior; restrict it before internet deployment.
  • Uploaded documents, filenames, and query snippets may contain sensitive data and should not be logged or committed.
  • File parsing for PDFs, DOCX files, and images has supply-chain and malformed-file risk.
  • Prompt injection is possible when untrusted document content controls visible text.
  • GPU runtime dependencies and model weights inherit their own licenses and security posture.
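The notes above name two settings a deployer must change before exposing the API: the VISORAG_API_TOKEN value (no demo or placeholder token) and the permissive CORS default. The following pre-deployment check is an added example written for this page, not code from the visualdocqa-kit project; the placeholder token list, the minimum token length, and the VISORAG_CORS_ORIGINS variable name are assumptions, since the project's real defaults are not reproduced here.

```python
"""Pre-deployment hardening check for the two settings called out in SECURITY.md."""
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed placeholder values: stand-ins for the project's demo token defaults and
# .env.example placeholders, which are not reproduced here.
PLACEHOLDER_TOKENS = {"", "changeme", "demo-token", "your-token-here"}
MIN_TOKEN_LEN = 32  # assumed policy, not a project constant


@dataclass
class Finding:
    severity: str
    message: str


def check_settings(env: Dict[str, str], internet_facing: bool) -> List[Finding]:
    """Return findings for a proposed environment; an empty list means it passes."""
    findings: List[Finding] = []

    token = env.get("VISORAG_API_TOKEN", "")
    if token.strip().lower() in PLACEHOLDER_TOKENS:
        findings.append(Finding("high", "VISORAG_API_TOKEN is unset or a development placeholder"))
    elif len(token) < MIN_TOKEN_LEN:
        findings.append(Finding("medium", f"VISORAG_API_TOKEN is shorter than {MIN_TOKEN_LEN} characters"))

    # VISORAG_CORS_ORIGINS is a hypothetical variable; the page says CORS is
    # permissive by default, so "*" is treated as the default when it is unset.
    raw = env.get("VISORAG_CORS_ORIGINS", "*")
    origins = [o.strip() for o in raw.split(",") if o.strip()]
    if internet_facing and (not origins or "*" in origins):
        findings.append(Finding("high", "CORS allows any origin; set explicit origins before internet deployment"))

    return findings


def token_matches(authorization: Optional[str], expected: str) -> bool:
    """Check an Authorization header for POST /query in constant time."""
    prefix = "Bearer "
    if not authorization or not authorization.startswith(prefix):
        return False
    presented = authorization[len(prefix):]
    # compare_digest avoids leaking the match position through timing.
    return hmac.compare_digest(presented.encode(), expected.encode())


if __name__ == "__main__":
    # Constructed sample environment: a leftover placeholder token and default CORS.
    for f in check_settings({"VISORAG_API_TOKEN": "changeme"}, internet_facing=True):
        print(f"[{f.severity}] {f.message}")
```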

See docs/security-model.md for more detail.

There aren't any published security advisories