edge-python-sdk is in active early development (0.1.x). Only the latest
released minor version receives security fixes.
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
| < 0.1 | ❌ |
Please do not file a public GitHub issue for security vulnerabilities.
Report security issues privately via GitHub Security Advisories (Repository → Security → Report a vulnerability). The advisory flow keeps the report private until a coordinated fix is ready.
You should expect an initial acknowledgement within 3 business days. We aim to release a fix within 90 days of a confirmed report, coordinated with the reporter for disclosure timing.
In scope:
- Code under
src/edge_python_sdk/(excluding_generated/) - The release pipeline (
.github/workflows/release.yml) and trusted-publisher configuration on PyPI - The patch-application machinery (
scripts/,patches/)
Out of scope — please report upstream:
- Vulnerabilities present in unpatched
latitudesh-python-sdkcode (anything under_generated/that exists identically in latitudesh/latitudesh-python-sdk).