| Version | Supported |
|---------|-----------|
| 1.5.x   | ✅        |
| < 1.5   | ❌        |
We take security issues seriously and appreciate your efforts to responsibly disclose your findings.
- Do not create a public GitHub issue for security vulnerabilities
- Email your findings to [email protected]
- Include a detailed description of the vulnerability
- Include steps to reproduce the issue
- If applicable, include proof of concept code
- We will acknowledge your email within 48 hours
- We will keep you informed of the progress towards fixing the vulnerability
- We will notify you when the vulnerability has been fixed
While we don't currently have a formal bug bounty program, we are happy to acknowledge significant security improvements with a mention in our release notes (unless you prefer to remain anonymous).
Security updates will be released as patch versions (e.g., 1.5.1, 1.5.2). We recommend always running the latest patch version of the library.
- Always keep your dependencies up to date
- Never commit API keys or sensitive information to version control
- Use environment variables for configuration
- Regularly rotate your API keys
- Follow secure coding practices
- Validate all inputs
- Use parameterized queries to prevent SQL injection
- Keep dependencies up to date
- Run security scanners as part of your development workflow
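Two of the practices above, parameterized queries and keeping secrets in environment variables, are easiest to see side by side. The following is an added Python example written for this page, not code from the library itself; the `users` table, the sample rows and the `EXAMPLE_API_KEY` variable name are constructed for illustration. It uses an in-memory SQLite database so it runs offline.

```python
import os
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory database with two sample users (illustrative schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, api_key TEXT)")
    conn.executemany(
        "INSERT INTO users (name, api_key) VALUES (?, ?)",
        [("alice", "key-alice-0001"), ("bob", "key-bob-0002")],
    )
    return conn


def find_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable form: the input is spliced into the SQL text, so a value such as
    "' OR '1'='1" changes the WHERE clause instead of being compared as a string."""
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return sorted(row[0] for row in conn.execute(sql))


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened form: the driver binds the value to the ? placeholder, so the
    input is always treated as data and can never alter the query structure."""
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


def load_api_key(env_name: str = "EXAMPLE_API_KEY", environ=None) -> str:
    """Read a secret from the environment instead of from source or config files.
    `environ` defaults to os.environ; it is a parameter only so the lookup can be
    tested with a constructed mapping. Fail closed when the key is absent."""
    source = os.environ if environ is None else environ
    key = source.get(env_name)
    if not key:
        raise RuntimeError(f"{env_name} is not set; refusing to start without a key")
    return key


if __name__ == "__main__":
    conn = make_db()
    probe = "' OR '1'='1"
    print("unsafe:", find_user_unsafe(conn, probe))  # returns every user
    print("safe:  ", find_user_safe(conn, probe))    # returns nothing
```

The same probe string returns every row from the vulnerable function and no rows from the parameterized one, which is exactly the distinction the bullet list asks for. `load_api_key` shows the complementary habit: the key is never written into the code base, and a missing variable is an error rather than a silent fallback.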
We regularly update our dependencies to include the latest security patches. You can check for known vulnerabilities in our dependencies using:
```bash
pip install safety
safety check
```
All data in transit is encrypted using TLS 1.2+.
If you find a security issue in one of our dependencies, please report it to the maintainers of that package first. Once the issue is fixed, please let us know so we can update our dependencies.