Use this section to tell people about which versions of your project are currently being supported with security updates.
| Version | Supported |
|---|---|
| 5.1.x | ✅ |
| 5.0.x | ❌ |
| 4.0.x | ✅ |
| < 4.0 | ❌ |
Use this section to tell people how to report a vulnerability.
Tell them where to go, how often they can expect to get an update on a reported vulnerability, what to expect if the vulnerability is accepted or declined, etc.
At TheAlgorithm/Python, we take security seriously and value the contributions of ethical hackers and the security community in helping us maintain the security of our open-source projects. If you believe you have discovered a security vulnerability in this project or any related software or dependencies, we encourage you to responsibly disclose it to us.
Please follow these guidelines when reporting security vulnerabilities:
-
Do Not Publicly Disclose: Please do not publicly disclose the security issue or details until we've had a chance to review and address it.
-
Submit a Report: To report a security vulnerability, please email us at [email protected] with a detailed description of the issue, including any relevant logs, screenshots, and steps to reproduce the vulnerability. Please encrypt sensitive information using our PGP key: link-to-pgp-key.
-
Responsible Disclosure: We kindly request that you allow us time to review and address your report before disclosing it to others. We aim to acknowledge your report within 48 hours and will work with you to resolve the issue promptly.
-
Provide Contact Information: Include your contact information, such as your name and email address, so we can get in touch with you to coordinate the resolution of the vulnerability.
-
Cooperate with Us: Work with us to provide any additional information or clarifications as needed to assess and resolve the issue.
We are committed to addressing security vulnerabilities promptly. Once a security vulnerability is confirmed and fixed, we will:
- Release a new version or patch containing the fix.
- Provide credit to the security researcher, if desired, in the release notes or acknowledgments.
We follow responsible disclosure practices, which means that we aim to:
- Promptly acknowledge receipt of your report.
- Keep you informed of our progress in addressing the issue.
- Release a fix in a timely manner.
- Coordinate with you on the disclosure timeline, which typically involves waiting until a fix is available before making any public disclosures.
Thank you for helping us keep our project and users secure. Your efforts are greatly appreciated!