Please do not open a public GitHub issue for security vulnerabilities.
Instead, report them privately by emailing mike@miketoscano.com. Include as much detail as possible:
- A description of the vulnerability and its potential impact
- Steps to reproduce or a proof-of-concept
- Any suggested mitigations, if known
You can expect an acknowledgement within 48 hours and a resolution or status update within 7 days.
| Version | Supported |
|---|---|
| Latest | ✅ |
| Older | ❌ |
Security fixes are released as patch versions and published to PyPI immediately.