Thank you for helping to make the Easy Python Installer safe and secure! This document outlines how to report security vulnerabilities and the processes we follow to address them.
The following table lists the versions of this project that are actively maintained and supported with security updates:
| Version | Supported |
|---|---|
| 1.2.x | ✅ Yes |
| 1.1.x | ✅ Yes |
| <= 1.0.x | ❌ No |
If you discover a security vulnerability in this project, please report it responsibly. Do not publicly disclose the issue until it has been resolved.
-
Email the project maintainer directly at security@itheo.tech with the following details:
- A description of the vulnerability.
- Steps to reproduce the issue (if applicable).
- Any potential impact or examples.
-
Include “Security Vulnerability Report” in the subject line of your email.
-
Please allow up to 48 hours for an initial response.
Upon receiving a vulnerability report:
- Acknowledgment: We will acknowledge receipt of your report within 48 hours.
- Investigation: The reported issue will be investigated, and if verified, steps will be taken to resolve it.
- Resolution: A patch will be created, tested, and released as soon as possible. You will be credited (if you wish) in the release notes.
- Verify Scripts: Always inspect scripts before running them, especially with elevated privileges.
- Stay Updated: Use the latest version of the installer script to benefit from updates and fixes.
- Report Issues: If you suspect a vulnerability, report it immediately to avoid potential misuse.
We appreciate your efforts to responsibly disclose vulnerabilities and help make Easy Python Installer more secure for everyone. Your collaboration ensures the safety and reliability of this project.