Skip to content

Security: withoutbg/withoutbg-python

Security

SECURITY.md

Security Policy

Reporting a vulnerability

Do not create a public GitHub issue for security vulnerabilities.

Email security@withoutbg.com with:

  • A description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Any suggested fix (optional)

You will receive an acknowledgement within 48 hours and a status update within 7 days.

Scope

This policy covers the withoutbg Python package (this repository).

For vulnerabilities in the Docker / self-hosted inference service, report via withoutbg/withoutbg-inference or the same email address.

Supported versions

Security fixes are applied to the latest release only. We do not backport to older minor versions.

Disclosure

We follow a 90-day coordinated disclosure timeline. After a fix is released, we will publish a security advisory on GitHub.

There aren't any published security advisories