Only the latest release is actively maintained. Security fixes are applied to the current minor version only.
| Version | Supported |
|---|---|
| 0.4.x (latest) | Yes |
| < 0.4 | No |
Please do not open a public GitHub issue for security vulnerabilities.
Report issues privately by emailing yuhao19980603@gmail.com with the subject line beginning SECURITY:.
Include:
- a brief description of the issue
- steps to reproduce or a proof-of-concept if applicable
- the version(s) affected
Response expectations:
- Acknowledgement within 14 days.
- Fix or mitigation on a best-effort basis; this is a solo-maintained research software package with no guaranteed SLA.
- Credit will be given in the CHANGELOG unless you prefer to remain anonymous.