Naga is currently in early development (v0.x.x).
| Version | Supported |
|---|---|
| 0.0.x | ✅ |
DO NOT open a public GitHub issue for security vulnerabilities.
Instead, please report security issues via:
-
Private Security Advisory (preferred): https://github.com/gogpu/naga/security/advisories/new
-
GitHub Discussions (for less critical issues): https://github.com/gogpu/naga/discussions
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Potential impact
- Initial Response: Within 72 hours
- Fix & Disclosure: Coordinated with reporter
Naga is a shader compiler. Security considerations include:
- Input Validation - WGSL parser should handle malformed input gracefully
- Resource Limits - Parser should have limits to prevent DoS via deeply nested structures
- Generated Code - SPIR-V output should be valid and safe
- GitHub Security Advisory: https://github.com/gogpu/naga/security/advisories/new
- Public Issues: https://github.com/gogpu/naga/issues
Thank you for helping keep Naga secure!