Security Policy
Supported Versions
Currently supported versions with security updates:
| Version | Supported |
|---|---|
| 0.1.x | ✅ Yes |
| < 0.1 | ❌ No |
Reporting a Vulnerability
How to Report
DO NOT create public GitHub issues for security vulnerabilities.
Please report security vulnerabilities by email to:
📧 akram.alsubari87@gmail.com (alternative)
What to Include
When reporting a vulnerability, please include:
- Description of the vulnerability
- Steps to reproduce (code examples if possible)
- Affected versions
- Potential impact
- Any suggested fixes (optional)
What to Expect
| Step | Timeline | Description |
|---|---|---|
| 1 | Within 48 hours | Acknowledgment of receipt |
| 2 | Within 5-7 days | Initial assessment and confirmation |
| 3 | Within 14 days | Fix development or mitigation plan |
| 4 | Within 30 days | Release of security update |
Vulnerability Acceptance
If the vulnerability is accepted:
- You will receive credit in the release notes (unless you prefer to remain anonymous)
- A security advisory will be published
- A patch will be released for supported versions
Vulnerability Decline
If the vulnerability is declined:
- You will receive a detailed explanation why
- The issue may be moved to a public discussion if appropriate
- No further action will be taken
Security Best Practices for Users
When using dytr:
- Keep updated: Always use the latest version
- Validate inputs: Sanitize any untrusted input before passing to the model
- Use virtual environments: Isolate dytr installations
- Review code changes: Check pull requests before merging
Security Updates
Security updates will be released as:
- Patch versions (0.1.x → 0.1.y) for critical fixes
- Minor versions (0.x → 0.y) for non-critical fixes
Watch the repository on GitHub to receive security update notifications.
Responsible Disclosure
We follow responsible disclosure practices:
- Reporters will be acknowledged (unless anonymous)
- Fixes will be released before public disclosure
- Coordinated disclosure with reporters
Contact
Security Contact: akram.alsubari@outlook.com
Alternative Contact: akram.alsubari87@gmail.com
Acknowledgment
We thank the security research community for helping keep dytr secure.