Security: tomasvotava/fastapi-sso

SECURITY.md

Security Policy

Overview

Security is of paramount importance to this project, especially since it deals with login functionalities. That being said, an oopsie may happen and it is crucial for me to be informed promptly. This document provides an overview of the supported versions and instructions on reporting any security-related issues or vulnerabilities you might discover.

Supported Versions

fastapi-sso is still in its developmental phases, and we haven't rolled out a 1.0.0 release yet. Currently, I am offering support for all releases 0.7.0 and newer.

Supported versions: >= 0.7.0

Reporting a Vulnerability

Addressing security issues can be time-consuming, but rest assured, I take them very seriously and endeavor to resolve them as swiftly as possible. If you identify a security vulnerability in fastapi-sso, I urge you to notify me.

Steps to Report a Vulnerability:

  1. Create a new issue in our Issue Tracker.
  2. Assign the security label to the issue.
  3. Furnish a detailed description of the issue, specifying where the vulnerability occurs, the steps to reproduce it, and its potential impacts.

What to Expect

I will acknowledge the receipt of your vulnerability report and keep you posted on the progress regularly.

Disclosure Policy

In the realm of coding etiquette, it is generally frowned upon to publicly disclose issues without prior communication with me. Therefore, I ask you to discuss any grievances or concerns about fastapi-sso with me before publicizing them.

In other words, if there's something concerning fastapi-sso you'd like to bitch about, let me know and we'll bitch about it together.

Thank You

Raising an issue is a significant contribution, and I always appreciate discovering that people are using fastapi-sso. I am thankful for any insights or feedback provided.

There aren’t any published security advisories