We provide security updates for the following versions:

If you discover a security vulnerability in this project, please report it by:

1. DO NOT create a public GitHub issue
2. Send an email to the maintainer with details of the vulnerability
3. Include steps to reproduce the issue
4. Provide any relevant logs or error messages

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if known)

• Acknowledgment: Within 48 hours
• Initial Assessment: Within 7 days
• Fix and Release: Varies based on severity

When using these Docker images:

1. Never use default passwords - Always change JUPYTER_TOKEN in production
2. Use HTTPS - Configure TLS for JupyterLab in production environments
3. Limit network exposure - Use firewalls and proper network segmentation
4. Regular updates - Pull latest images regularly for security patches
5. Resource limits - Set appropriate memory and CPU limits in Kubernetes
6. Secrets management - Use Kubernetes secrets or similar for sensitive data

• Images run with non-root user by default
• JupyterLab runs with token authentication
• Spark uses cluster authentication in Kubernetes mode
• S3 credentials should be provided via environment variables or IAM roles