Security is of paramount importance to this project, especially since it deals with login functionalities. That being said, an oopsie may happen and it is crucial for me to be informed promptly. This document provides an overview of the supported versions and instructions on reporting any security-related issues or vulnerabilities you might discover.
fastapi-sso
is still in its developmental phases, and we haven't rolled out a 1.0.0 release yet. Currently, I am offering support for all releases 0.7.0
and newer.
Version | Supported |
---|---|
>= 0.7.0 | ✅ |
Addressing security issues can be time-consuming, but rest assured, I take them very seriously and endeavor to resolve them as swiftly as possible. If you identify a security vulnerability in fastapi-sso
, I urge you to notify me.
- Create a new issue in our Issue Tracker.
- Assign the
security
label to the issue. - Furnish a detailed description of the issue, specifying where the vulnerability occurs, the steps to reproduce it, and its potential impacts.
I will acknowledge the receipt of your vulnerability report and keep you posted on the progress regularly.
In the realm of coding etiquette, it is generally frowned upon to publicly disclose issues without prior communication with me.
Therefore, I ask you to discuss any grievances or concerns about fastapi-sso
with me before publicizing them.
In other words, if there's something concerning fastapi-sso
you'd like to bitch about, let me know and we'll bitch about it together.
Raising an issue is a significant contribution, and I always appreciate discovering that people are using fastapi-sso
. I am thankful for any insights or feedback provided.