| Version | Supported |
|---|---|
| 0.1.x | ✅ |
DO NOT file a public GitHub issue for security vulnerabilities.
Instead, please report security vulnerabilities by emailing: [email protected]
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 1 week
- Resolution Target: Within 90 days (severity dependent)
We follow coordinated disclosure:
- Reporter notifies us privately
- We acknowledge and investigate
- We develop and test a fix
- We release the fix
- We publicly disclose after users can update
Security updates are released as patch versions and announced via:
- GitHub Security Advisories
- Release notes
This library processes image data for training machine learning models. Security considerations include:
- Input validation: Image arrays are validated for expected shapes and types
- Dependency security: Dependencies are pinned to known-good versions
- No network access: This library does not make network requests
- No file system writes: This library only reads input data; it does not write files
- Keep dependencies updated to receive security patches
- Validate input data sources before processing
- Use virtual environments to isolate dependencies