From ba35c36156f005af2c788c540c804ef8b4eb0f2a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 15 Feb 2026 06:17:53 +0000 Subject: [PATCH 1/3] Initial plan From dfaf2096ac1f8687885656193678b8cbef77f3bd Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Sun, 15 Feb 2026 06:19:17 +0000 Subject: [PATCH 2/3] Fix SECURITY.md: Update to actual version 0.1.0 and add clear reporting guidelines Co-authored-by: abhimehro <84992105+abhimehro@users.noreply.github.com> --- SECURITY.md | 40 ++++++++++++++++++++++++++++++---------- 1 file changed, 30 insertions(+), 10 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 034e848..f02a0cc 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -2,20 +2,40 @@ ## Supported Versions -Use this section to tell people about which versions of your project are -currently being supported with security updates. +This project is currently in early development. We provide security updates for the latest release version. | Version | Supported | | ------- | ------------------ | -| 5.1.x | :white_check_mark: | -| 5.0.x | :x: | -| 4.0.x | :white_check_mark: | -| < 4.0 | :x: | +| 0.1.x | :white_check_mark: | +| < 0.1 | :x: | + +**Note:** As this is an early-stage project (v0.1.x), the API and security posture may change between releases. We recommend always using the latest version. ## Reporting a Vulnerability -Use this section to tell people how to report a vulnerability. +We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly: + +### How to Report + +1. **DO NOT** open a public GitHub issue for security vulnerabilities +2. Email the maintainer directly at the email associated with the GitHub account +3. Include the following in your report: + - Description of the vulnerability + - Steps to reproduce the issue + - Potential impact + - Suggested fix (if available) + +### What to Expect + +- **Initial Response:** Within 48-72 hours acknowledging receipt +- **Status Updates:** We'll keep you informed as we investigate and work on a fix +- **Resolution Timeline:** Depends on severity and complexity, typically within 7-14 days for critical issues +- **Credit:** With your permission, we'll acknowledge your contribution in the security advisory and release notes + +### Security Best Practices -Tell them where to go, how often they can expect to get an update on a -reported vulnerability, what to expect if the vulnerability is accepted or -declined, etc. 
+When using this tool: +- Store your Control D API token securely (use `.env` file, never commit it) +- Keep your Python environment and dependencies up to date +- Review the code before running, especially when syncing to production profiles +- Use dedicated API tokens with minimal necessary permissions From 7176ac801f77f8fba3bbe73b6456803bf9fa532a Mon Sep 17 00:00:00 2001 From: Abhi Mehrotra Date: Sun, 15 Feb 2026 00:32:16 -0600 Subject: [PATCH 3/3] Update SECURITY.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- SECURITY.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index f02a0cc..1b945f7 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -18,8 +18,9 @@ We take security vulnerabilities seriously. If you discover a security issue, pl ### How to Report 1. **DO NOT** open a public GitHub issue for security vulnerabilities -2. Email the maintainer directly at the email associated with the GitHub account -3. Include the following in your report: +2. Use GitHub's private security reporting feature by navigating to this repository's **Security** tab and selecting **"Report a vulnerability"**. +3. If that option is not available, email our security contact at `security@example.com`. +4. Include the following in your report: - Description of the vulnerability - Steps to reproduce the issue - Potential impact
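
Review bot: In PATCH 2/3, the new "What to Expect" list never says what happens when a report is declined or judged out of scope, which the removed template text explicitly asked for ("what to expect if the vulnerability is accepted or declined"). Add a bullet covering that outcome. The "Resolution Timeline" bullet gives a target only "for critical issues", so consider stating one for other severities too. Under "Security Best Practices", the `.env` line would be more useful if it also told users to keep `.env` in `.gitignore` and to rotate the Control D API token if it is ever committed.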
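
Review bot: In PATCH 3/3, step 3 sends reporters to `security@example.com`, which is a reserved placeholder domain, so a report sent to the fallback contact will not reach the maintainer. Replace it with a monitored address before merging, or drop step 3 until one exists. Step 2 relies on private vulnerability reporting being enabled in the repository settings, so confirm it is on; otherwise every reporter falls through to the fallback. Minor style point: the new steps 2 and 3 end with a period while steps 1 and 4 do not.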