Security: nickschuetz/o3de-release-notes-generator

Security Policy

Reporting a Vulnerability

If you believe you have found a security issue in o3de-release-notes-generator, please do not open a public GitHub issue. Instead:

Please include:

  • A description of the issue and its impact
  • Steps to reproduce (or a proof-of-concept)
  • The version (python release_notes.py --version) and platform you observed it on
  • Whether you have already disclosed it elsewhere

You should expect an initial acknowledgement within 5 business days. Coordinated disclosure is preferred; the maintainer will work with you on a fix and a public advisory before any public discussion.

Supported Versions

This is a small, single-maintainer tool. Only the latest minor release on main receives security fixes. Older versions will not be back-patched; please upgrade.

Scope

In scope:

  • release_notes.py and generate_sbom.py (the runtime code)
  • .github/workflows/*.yml (CI / build pipeline)
  • The CycloneDX SBOM generation logic

Out of scope:

  • Vulnerabilities in gh CLI, git, Python, or Ollama / Claude CLI; please report those upstream.
  • Vulnerabilities that require an attacker who already has shell access on the user's workstation (this is a local CLI tool; local code execution is the trust baseline).
  • Issues in PR bodies / titles fetched from GitHub that the user reviews before publishing; the rendered markdown is intended to be human-reviewed.

Threat Model & Controls

The full threat model, trust boundaries, and OWASP / NIST SP 800-53 control mapping live in ARCHITECTURE.md → Security Model. High-level summary:

  • All subprocess calls use list arguments; no shell=True anywhere.
  • All user inputs are regex-validated before use; git refs and repo slugs cannot start with -.
  • GraphQL queries use server-side variables ($owner, $name); owner/repo are never string-interpolated into the query body.
  • Subprocess stderr is scrubbed for GitHub token shapes (ghp_/gho_/ghu_/ghs_/ghr_) before logging.
  • PR titles are sanitized for markdown special characters; PR bodies are capped at 64KB before extraction.
  • LLM summary command runtime is bounded (--summary-timeout, default 300s).
  • File writes are atomic (tempfile.mkstemp() + os.replace()).
  • Zero external Python dependencies; CycloneDX 1.5 SBOM with file SHA-256 hashes is published in-repo and auto-regenerated by CI.
  • GitHub Actions are pinned to commit SHAs (not floating tags).
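A sketch of how several of the controls summarized above fit together: option-safe input validation, list-argument subprocess calls with a bounded runtime, token scrubbing of stderr, and atomic file writes. This is an added example, not code from o3de-release-notes-generator; the function names, the regular expressions, and the token tail length are assumptions.

```python
import os
import re
import subprocess
import tempfile

# Assumed patterns (not the project's): the first character can never be "-",
# so a validated value cannot be parsed as an option by git or gh.
REF_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9._/-]{0,254}")
SLUG_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*/[A-Za-z0-9_][A-Za-z0-9_.-]*")
# Prefixes are the ones the policy lists; the tail length is an assumption.
TOKEN_RE = re.compile(r"\bgh[pousr]_[A-Za-z0-9]{20,}")

def validate(value, pattern, what):
    """Return value unchanged if the whole string matches, else raise."""
    if not pattern.fullmatch(value):
        raise ValueError(f"invalid {what}: {value!r}")
    return value

def scrub(text):
    """Redact GitHub-token-shaped strings before text reaches a log."""
    return TOKEN_RE.sub("[REDACTED]", text)

def run(argv, timeout=300):
    """Run argv as a list (no shell); surface only scrubbed stderr."""
    proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    if proc.returncode != 0:
        raise RuntimeError(scrub(proc.stderr.strip()))
    return proc.stdout

def atomic_write(path, data):
    """Write to a temp file in the target directory, then rename over path."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".tmp-")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(data)
        os.replace(tmp, path)  # readers see the old file or the new one
    except BaseException:
        os.unlink(tmp)
        raise

if __name__ == "__main__":
    for ref in ("release/24.09", "--version"):  # constructed inputs
        try:
            print("ok:", validate(ref, REF_RE, "git ref"))
        except ValueError as exc:
            print("rejected:", exc)
    print(scrub("fatal: auth failed for ghp_" + "A" * 36))  # constructed stderr
```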

Security Hall of Fame

Researchers who have responsibly disclosed valid issues will be credited here (with their permission).

None yet.