| Version | Supported |
|---|---|
| v0.1.11 | ✅ |
| v0.1.10 | ✅ |
| v0.1.9 | ✅ |
| v0.1.8 | ✅ |
| v0.1.7 | ❌ |
| v0.1.6 | ✅ |
| < v0.1.5 | ❌ |

We take the security of our Python package very seriously. If you believe you've found a security vulnerability in our package, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.
- Private Disclosure: Please do not disclose the vulnerability publicly. Give us a reasonable amount of time to address the issue before sharing it with others.
- Provide Detailed Information:
  - Type of Vulnerability: Describe the nature of the vulnerability.
  - Steps to Reproduce: Provide a step-by-step guide so that we can reproduce the issue on our end. This will help us resolve the problem more efficiently.
  - Version Affected: Mention the version(s) of the package where you noticed the vulnerability.
  - Potential Impact: If possible, let us know your thoughts on the potential impact of the vulnerability.
- Use a Descriptive Subject Line: When sending an email or creating an issue, use a subject that describes the vulnerability, such as "Cross-site Scripting (XSS) Vulnerability in [Function/Feature Name]" or "Buffer Overflow in [Function/Feature Name]."
- Avoid Data Destruction: If the vulnerability involves any kind of data deletion or corruption, please refrain from executing it on live platforms.

You can report vulnerabilities by:
- GitHub Issue: Create a new issue on our GitHub repository (if it's a private repository or if you think the disclosure can be made in this manner).

Upon receiving your report:
- We will acknowledge receipt of your vulnerability report within 48 hours.
- We'll work to confirm the vulnerability and keep you updated on our progress.
- Once the issue is resolved, we'll notify you and provide details of the resolution.

We kindly ask that you:
- Do not exploit the vulnerability beyond what is necessary to demonstrate it.
- Do not use the vulnerability to access, delete, alter, or otherwise harm data.
- Do not reveal the vulnerability to others until it has been resolved.

We are committed to addressing all security issues in a timely manner and appreciate your effort in responsibly disclosing them to us.