We actively maintain security support for:
- Main branch (`main`)
- Latest stable releases in tags
Security fixes will be backported to supported tags when applicable.
If you find a security vulnerability in this repository, please report it privately so that we can address it before public disclosure.
- Create a confidential issue (if available)
OR
- Telegram: https://t.me/RuslanSenatorov
https://www.youtube.com/SENATOROV
Please include:
- Description of the issue
- Minimal reproducible code/sample
- Impact assessment
- Steps to reproduce
We will respond within 72 hours.
- Acknowledge receipt within 72 hours.
- Triage and risk assessment.
- Assign severity based on CVSS criteria.
- Communicate acknowledgement to reporter.
- Fix in a dedicated branch.
- Release patched version with advisory.
When contributing code, follow these recommendations:
- Avoid unvalidated third-party code
- Keep dependencies minimal
- Use static analysis tools
Example:
```bash
pip install safety bandit
safety check
bandit -r .
```
All user-facing code should validate input shapes and types.
Example:
```python
import numpy as np

def minimize(f, grad, x0):
    # Validate argument types before any computation starts.
    assert callable(f)
    assert callable(grad)
    assert isinstance(x0, np.ndarray)
```
This repository does not handle credentials or sensitive user data.
Do not:
- Hardcode passwords
- Store API tokens in code
- Log secrets
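An added example (not the repository's own code) of the shape and type validation recommended for `minimize` above, raising exceptions instead of using `assert`, because assert statements are removed when Python runs with `-O`. The helper name `validate_minimize_args`, the 1-D requirement on `x0`, and the gradient-descent body with its `lr` and `steps` parameters are assumptions for illustration.

```python
import numpy as np

def validate_minimize_args(f, grad, x0):
    """Return x0 as a float64 copy after checking types, shape and values."""
    if not callable(f):
        raise TypeError("f must be callable")
    if not callable(grad):
        raise TypeError("grad must be callable")
    if not isinstance(x0, np.ndarray):
        raise TypeError(f"x0 must be a numpy.ndarray, got {type(x0).__name__}")
    if x0.ndim != 1 or x0.size == 0:
        raise ValueError(f"x0 must be a non-empty 1-D array, got shape {x0.shape}")
    # Reject object/str/bool dtypes: object arrays can hold arbitrary Python objects.
    if not (np.issubdtype(x0.dtype, np.integer) or np.issubdtype(x0.dtype, np.floating)):
        raise TypeError(f"x0 must have a real numeric dtype, got {x0.dtype}")
    x = x0.astype(np.float64)  # astype copies, so the caller's array is never mutated
    if not np.all(np.isfinite(x)):
        raise ValueError("x0 contains NaN or infinity")
    # Probe both callbacks once so a bad return value fails here, not mid-iteration.
    fx = np.asarray(f(x))
    if fx.size != 1 or not np.isfinite(float(fx.reshape(-1)[0])):
        raise ValueError("f(x0) must be a single finite number")
    g = np.asarray(grad(x))
    if g.shape != x.shape:
        raise ValueError(f"grad(x0) has shape {g.shape}, expected {x.shape}")
    return x

def minimize(f, grad, x0, lr=0.1, steps=200):
    """Plain gradient descent (assumed body) behind the validated boundary."""
    x = validate_minimize_args(f, grad, x0)
    for _ in range(steps):
        x = x - lr * np.asarray(grad(x), dtype=np.float64)
    return x
```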
For critical security abuse or threats, contact:
https://t.me/RuslanSenatorov
https://www.youtube.com/SENATOROV
- Acknowledgement: within 72 hours
- Initial fix: within 14 days
- Advisory / release: as soon as patch is verified
Thank you for helping keep this project secure.