We take the security of sawtooth-memory seriously. If you find a flaw, vulnerability, or exploit in the codebase, we appreciate your help in disclosing it to us responsibly.
We actively support, monitor, and provide security patches for the latest published release line on PyPI.
| Version | Supported |
|---|---|
| 0.3.x | ✅ |
| 0.2.x | ✅ |
| < 0.2.0 | ❌ |
If you discover a security vulnerability, please do NOT open a public GitHub Issue. Publicly exposing a live vulnerability puts systems running this package at risk.
Instead, please report your findings privately by sending a detailed email to dev@jackmann.xyz.
- A clear description of the vulnerability type and its location.
- Steps to reproduce the issue (including proof-of-concept scripts or payload examples if applicable).
- Potential impact (e.g., memory corruption, data leaks, state poisoning).
- Acknowledge: We will acknowledge receipt of your report within 48 hours.
- Investigate: We will review and replicate the issue internally.
- Fix & Release: A patch or security advisory will be developed and deployed privately before being made public.
Thank you for your cooperation in keeping the ecosystem safe!