ImportSpy is committed to maintaining a secure and trusted environment for all developers.
If you discover a security vulnerability, we strongly encourage responsible disclosure.
- Report vulnerabilities via: GitHub Issues
- Contact for security concerns: atellaluca@outlook.it
- Disclosure period: We follow a 90-day responsible disclosure policy.
- Issues reported privately will be reviewed and fixed before public disclosure.
We take security seriously and address vulnerabilities as follows:
- Review & Triage: Reported vulnerabilities are assessed within 48 hours.
- Fix & Release:
  - Minor security patches are applied in patch releases (x.x.x).
  - Major security fixes may result in a new minor version (x.x.0).
- Communication:
  - GitHub Releases: Security updates are tagged and documented.
  - Upcoming: Changelog updates and mailing list notifications.
ImportSpy depends on Pydantic (^2.9.2), and we actively monitor its security updates.
If a dependency vulnerability is identified, it will be patched and communicated accordingly.
Thank you for contributing to the security of ImportSpy! 🛡️