Security updates are provided only for the latest released version. If a vulnerability is reported, we will release a fix in the next patch version. Please upgrade immediately to the newest version to ensure you are protected.
We take the security of pygha seriously. If you believe you have found a security vulnerability, please do not open a public issue.
- GitHub Private Reporting (Preferred):
  - Go to the Security tab of the repository.
  - Click on "Report a vulnerability".
- Email:
  - If GitHub Private Reporting is not available, please email the maintainer directly at [email protected]
  - Please include "SECURITY:pygha" in the subject line.
We proactively use the following tools in our CI/CD pipeline to ensure code security:
- Bandit: Scans Python code for common security issues.
- CodeQL: Performs semantic code analysis to find vulnerabilities.
- Dependency Review: Checks pull requests for vulnerable dependencies.
- We aim to acknowledge your report as soon as possible, typically within 48 hours.
- We will provide an estimated timeline for a fix once the issue is analyzed.
- We will notify you when the fix is released.
- We will credit you in the release notes (unless you prefer to remain anonymous).