Security Policy
We will support the latest stable release of python-package-template. Please
ensure you are using the most recent version before reporting a security issue.
| Version | Supported |
|---|---|
| Latest | ✅ |
| < 1.0 | ❌ |
Notes:
- Update this table when you release version 1.0 or later
- Consider your project's versioning strategy and support policy
- For pre-1.0 versions, you may want to support multiple recent versions
Reporting a Vulnerability
If you discover a security vulnerability in python-package-template, please
report it using GitHub's private vulnerability reporting feature:
- Go to the Security tab of this repository
- Click "Report a vulnerability"
- Fill out the vulnerability report form with:
  - A description of the vulnerability
  - Steps to reproduce
  - Affected versions
  - Your operating system and Python version
  - Any proof-of-concept code (if applicable)
Please do not open a public issue or discussion. GitHub's private vulnerability reporting keeps the issue confidential until a fix is available.
Response Timeline
We aim to:
- Acknowledge receipt within 24 hours
- Investigate and assess the vulnerability within 3–5 business days
- Provide a security patch in a timely manner
- Publish a security advisory once the fix is released
- Credit the reporter (if desired)
Responsible Disclosure
Thanks
We value the security of our users and appreciate responsible disclosures. Thank
you for helping make python-package-template better and safer!