Security support is provided only for publicly distributed versions of DataGuard.
| Version | Supported |
|---|---|
| Current Marketplace Version | ✅ |
| Current Release Package (.vsix) | ✅ |
| Older Versions | ❌ |
Only the most recent publicly available version is considered supported.
If you discover a security issue affecting DataGuard, please report it responsibly.
Do not disclose vulnerabilities publicly before review.
Submit a report containing:
-
Description of the issue
-
Steps to reproduce
-
Expected behavior
-
Actual behavior
-
Environment details:
- Operating system
- VS Code version
- Python version
- Extension version
-
Screenshots or logs (if applicable)
Send reports through:
- GitHub Security Advisories (preferred if enabled)
- Repository Issues (only for non-sensitive reports)
- Project contact channel
Examples of issues that may qualify:
- Unauthorized data access
- Local file handling vulnerabilities
- Unsafe execution behavior
- Credential exposure
- Extension privilege escalation
- Dependency-related security concerns
- AI integration security concerns
Examples that generally do not qualify:
- Missing feature requests
- UI preferences
- Performance concerns without security impact
- Third-party provider outages
- Unsupported versions
DataGuard follows a local-first design.
Core dataset processing is performed locally.
Optional AI functionality is only executed after explicit user configuration.
Users remain responsible for reviewing external AI provider policies before transmitting any data.
After receiving a report:
- Acknowledge receipt
- Validate impact
- Prepare remediation
- Publish fixes when available
Disclosure timelines may vary depending on severity and release schedules.
Thank you for helping improve the reliability and security of DataGuard.