
Commit 64ec759

committed
Update security
1 parent 31ca9b5 commit 64ec759

1 file changed

+7
-23
lines changed

SECURITY.md

Original file line number | Diff line number | Diff line change
@@ -1,10 +1,10 @@
11
# Security Vulnerabilities
22

3-
Our policy for security related issues is to fix related issues within our power on the most recent minor release.
3+
Our policy for security related issues is to fix related issues within our power on the most recent major release.
44

55
## Versioning
66

7-
Generally, we try to follow semantic versioning: `major.minor.patch`.
7+
Versioning follows [PEP440](https://peps.python.org/pep-0440/): `major.minior.patch`.
88

99
Versions | Description
1010
-------- | -----------
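Review bot: the added line 7 introduces a typo, `major.minior.patch`; it should read `major.minor.patch`, as the removed line did. Separately, the new policy line says fixes land on "the most recent major release", which is ambiguous between the whole latest major line (everything under the current major number) and only its newest release; since the Versioning section that follows exists to distinguish these, say which one is meant and whether older major lines get any backports at all.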
@@ -16,25 +16,8 @@ Example
1616

1717
```
1818
8.0
19-
8.0.3
20-
```
21-
22-
Occasionally, we may provide an alpha, beta, or release candidate introducing experimental features or fixes that are
23-
not ready for a wide audience. This usually follows the the approach of: `major.minor.patch(a | b | rc)(prerelease_number)`.
24-
25-
Example:
26-
27-
```
28-
8.0b1
29-
8.0.3rc2
30-
```
31-
32-
Even more rare, we may fix a non functional change, maybe documentation building was broken in the release, or bad
33-
metadata for PyPI. In these cases, we may release a postfix: `major.minor.patch.post(postfix_number)`.
34-
35-
```
36-
8.0.post1
37-
8.0.3.post2
19+
8.1
20+
8.1.3
3821
```
3922

4023
## Create Security Vulnerability Report
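Review bot: removing lines 22-37 drops the only description of pre-release (`8.0b1`, `8.0.3rc2`) and post-release (`8.0.post1`) version strings, while the previous hunk now states that versioning follows PEP 440, which is precisely where those forms are defined. After this change a reader cannot tell whether a security fix may first appear in an `rc`, or whether a `.postN` release can ever carry one. Suggest keeping a one-line note alongside the new `8.1` / `8.1.3` example that says pre- and post-releases also follow PEP 440 and states which release kind security fixes ship in. If the removed paragraph is restored, also fix its doubled "the the".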
@@ -49,8 +32,9 @@ We will strive to acknowledge the report in about two business days.
4932

5033
Reports will be kept private until the issue is properly understood.
5134

52-
If the report is accepted, we will request a CVE from GitHub and work with the reporter to find a resolution. Work will
53-
be done privately, and the final commit will not mention the security issue.
35+
If the report is accepted we will notify Tidelift (who we've partnered with), request a CVE from GitHub, and work with
36+
the reporter to find a resolution. Work will be done privately, and the final commit will not mention the security
37+
issue.
5438

5539
The fix, announcement, and release will be negotiated with the reporter.
5640

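Review bot: the added lines 35-37 bring a third party, Tidelift, into the private handling of an accepted report, but do not say when Tidelift is notified relative to the fix and release, what details it receives, or that the reporter is told. Line 33 promises reports stay private until understood and line 39 says the announcement is negotiated with the reporter, so the new text should state that Tidelift receives details under the same embargo and that the reporter is informed of the sharing. Minor wording: "who we've partnered with" reads better as "our partner".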