If you believe you have found a security vulnerability in Slicer, please report it to us as described below.
Please do not report security vulnerabilities through public GitHub issues.
Instead, send email to slicer+security@discoursemail.com.
You should receive a response within 24 hours.
We prefer all communications to be in English.
You can access the most up-to-date Slicer packages through the official Slicer download website.
This table summarizes our general policy for updates to our binary distributions.
| Version | Support Status | Update frequency |
|---|---|---|
| Preview | ✅ | Continual integration of features & fixes |
| Stable | ✅ | Essential security fixes |
In general older releases are not updated.
Note
There is no restriction on use, but Slicer is NOT approved for clinical use and the distributed application is intended for research use. Permissions and compliance with applicable rules are the responsibility of the user. For details on the license see here.
Reports may pertain to various aspects of the Slicer ecosystem, including:
- Slicer applications, modules and extensions
- Websites associated with Slicer
Note
It's important to acknowledge that our impact on extension developers may be limited, and consequently, we disclaim responsibility for their actions. However, we are committed to forwarding reports to the best of our abilities.
Important
While we may not be able to offer legally binding commitments, we will do our best in addressing any reported security concerns.
Warning
While we greatly appreciate contributions to make Slicer more secure, please be aware that the Slicer community does not run a bug bounty program, and no financial compensation is offered for such contributions.