Security - Ktiseos-Nyx/Dataset-Tools GitHub Wiki

We take the security of Dataset-Tools very seriously. We value the security community and believe that responsible disclosure of security vulnerabilities helps us ensure the safety and privacy of our users.

Supported Versions

Dataset-Tools is under active development. For security purposes, we only provide updates for the most recent versions of the application.

Version Supported
main branch :white_check_mark:
0.70.0 and newer :white_check_mark:
0.65 and newer :white_check_mark:
< 0.64 :x:
< 0.55 :x:

We strongly advise all users to use the latest stable release or the main branch to ensure you have the most recent security patches and bug fixes.

Reporting a Vulnerability

If you discover a security vulnerability, we greatly appreciate your help in disclosing it to us responsibly. Please report vulnerabilities privately. This gives us the opportunity to investigate and resolve the issue before it is publicly disclosed.

Please do not open a public GitHub issue for a security vulnerability.

Preferred Method: GitHub Security Advisories

This is the best way to privately report a vulnerability.

  1. Go to the Dataset-Tools repository on GitHub.
  2. Click on the Security tab.
  3. Click on "Report a Vulnerability" to open a private advisory. This will create a secure, private communication channel between you and the project maintainers.

Alternative Method: Direct Message

If you are unable to use GitHub Security Advisories, you can send a direct message (DM) to a project maintainer (e.g., duskfallcrew) on our official Discord Server. Do not post vulnerability details in public channels.

What to Include in Your Report

To help us resolve the issue quickly, please provide a detailed report including:

  • A clear description of the vulnerability.
  • The version(s) of the software affected.
  • Step-by-step instructions to reproduce the issue.
  • The potential impact of the vulnerability.
  • A proof-of-concept (if possible).

Our Commitment

When you report a vulnerability, we will make every effort to:

  • Acknowledge your report in a timely manner.
  • Keep you updated on our progress.
  • Work with you to understand and validate the issue.
  • Address the vulnerability as quickly as possible.
  • Publicly credit you for your discovery (unless you prefer to remain anonymous).

We are dedicated to continuously improving our security and appreciate the community's collaboration in this effort.