| Version | Supported |
|---|---|
| 0.1.x | ✅ |

Please report security vulnerabilities by emailing security@paiml.com.
Do NOT create public GitHub issues for security vulnerabilities.
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Initial response: Within 48 hours
- Status update: Within 7 days
- Fix deployment: Within 30 days (critical) or 90 days (other)
- All changes require code review via pull request
- Security-sensitive changes require security team review
- CODEOWNERS file enforces required reviewers
- Dependencies audited with `cargo audit`
- Automated dependency updates via Dependabot
- No known vulnerabilities in dependency tree
- Security-focused tests in `tests/security/`
- Fuzz testing for parsers
- Input validation tests
We follow responsible disclosure practices and will:
- Acknowledge receipt of vulnerability reports
- Provide regular updates on remediation progress
- Credit reporters (unless they prefer anonymity)
- Not take legal action against good-faith security research