AISdb is committed to maintaining the security of our software and promptly addressing security vulnerabilities. The following table provides an overview of the versions of AISdb currently receiving security updates:
| Version | Supported |
|---|---|
| 1.8.x | ✅ |
| < 1.8 | ❌ |
The AISdb team takes security vulnerabilities seriously. If you discover a security issue within AISdb, please report it privately so we can assess the risk and mitigate it before public disclosure. Do not open a public GitHub issue for security vulnerabilities.
- Private security advisory (preferred): Go to the repository's Security tab on GitHub and select "Report a vulnerability". This opens a private advisory visible only to you and the maintainers.
- Email: Send an email to mapslab@dal.ca. Please include a detailed description of the issue and the steps to reproduce the vulnerability. If possible, include patches, scripts, or other resources that could help evaluate the vulnerability.
- Acknowledgment: You can expect to receive an acknowledgment of your report within 72 hours.
- Communication: We will keep you informed of your report's status, including the vulnerability assessment, throughout the resolution process.
- Confidentiality: Please keep the communication regarding the security issue confidential until we have assessed the impact and publicly disclosed the vulnerability.
- Disclosure: Once the vulnerability has been addressed, we will publish an advisory describing the issue, the steps taken to resolve it, and acknowledgments to those who reported it.
We appreciate your support in making AISdb more secure. By following these guidelines, we can work together to ensure the security and integrity of the AISdb project.