We release patches for security vulnerabilities in the following versions:
| Version | Supported |
|---|---|
| 0.2.x | ✅ |
| 0.1.x | ✅ |
If you discover a security vulnerability, please report it responsibly:
- Do not open a public GitHub issue for security vulnerabilities.
- Email the maintainers or open a private security advisory on GitHub.
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)

We aim to acknowledge reports within 48 hours and will work with you to understand and address the issue.
- Semblance is for mock/simulation — Use it for prototyping, testing, and development. Do not use it as a production API backend without additional hardening.
- Dependencies — We rely on FastAPI, Pydantic, Polyfactory, and Uvicorn. Keep these and your Python environment updated: `pip install -U pip semblance`.
- Randomness — Semblance uses `random` for test data generation and latency simulation, not for cryptographic purposes.
For local auditing:

```bash
pip install bandit pip-audit
bandit -r src/
pip-audit
```