| Version | Supported |
|---|---|
| 1.0.x | ✅ |

If you discover a security vulnerability in FlashFusion, please report it responsibly:
- Do NOT open a public GitHub issue for security vulnerabilities.
- Email the security concern to: security@flashvision.dev
- Include a description of the vulnerability, steps to reproduce, and potential impact.
- You will receive an acknowledgment within 48 hours.
- Acknowledgment: Within 48 hours of report
- Assessment: Within 7 days
- Fix/Patch: Within 30 days for confirmed vulnerabilities

This policy applies to the FlashFusion library code. Vulnerabilities in third-party dependencies (PyTorch, OpenCV, etc.) should be reported to their respective maintainers.

When using FlashFusion in production:

- Keep dependencies up to date (`pip install --upgrade flashfusion`)
- Use `torch.load(..., weights_only=True)` when loading untrusted checkpoints
- Validate input sources before passing to prediction pipelines
- Run the library in sandboxed environments when processing untrusted data
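
One way to combine the checkpoint advice above is to pin each checkpoint to a known SHA-256 digest and only then hand it to `torch.load(..., weights_only=True)`. This is an added example, not FlashFusion's own code; the function names, the size limit, and the idea of pinning digests are assumptions made for illustration.

```python
import hashlib
import hmac
from pathlib import Path

# Assumed upper bound for illustration; tune it to the models you actually ship.
MAX_CHECKPOINT_BYTES = 2 * 1024**3


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so large checkpoints are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_checkpoint(path, expected_sha256):
    """Return the path if the file exists, is within the size bound and matches
    the pinned digest; raise ValueError otherwise."""
    p = Path(path)
    if not p.is_file():
        raise ValueError(f"not an existing file: {p}")
    if p.stat().st_size > MAX_CHECKPOINT_BYTES:
        raise ValueError("checkpoint exceeds size limit")
    actual = sha256_file(p)
    # Constant-time comparison of the hex digests.
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        raise ValueError("checkpoint digest mismatch")
    return p


def load_untrusted_checkpoint(path, expected_sha256):
    """Verify the pinned digest first, then load with the restricted unpickler."""
    p = verify_checkpoint(path, expected_sha256)
    import torch  # imported lazily so verification works without PyTorch installed

    # weights_only=True refuses pickled objects outside PyTorch's allowlist
    # of tensor and primitive types instead of executing them.
    return torch.load(p, map_location="cpu", weights_only=True)
```

The digest check answers "is this the file I expected", while `weights_only=True` limits what a file can do if that expectation is wrong, so both are kept.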