Security: nullStack65/microfinity

SECURITY.md

Security Policy

Supported Versions

Version Supported
1.x.x
< 1.0

Reporting a Vulnerability

If you discover a security vulnerability in microfinity, please report it by opening a GitHub issue.

For sensitive security issues, please include [SECURITY] in the issue title.

What to include

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)

Response timeline

  • We aim to respond to security reports within 48 hours
  • We will work with you to understand and resolve the issue
  • Once fixed, we will credit you in the release notes (unless you prefer anonymity)

Security considerations

Microfinity is a CAD library for generating 3D models. It does not:

  • Handle user authentication
  • Process sensitive personal data
  • Make network requests (except for optional dependency downloads)
  • Execute arbitrary code from external sources

The primary security considerations are:

  • File I/O: STL/STEP/3MF files are read and written; ensure input files are from trusted sources
  • Dependencies: We use well-maintained dependencies (CadQuery, trimesh, numpy) and monitor them via Dependabot
