If you discover a security issue in PyWarp, please report it privately to:
- Email: info@saeedmasoudie.ir
- GitHub: Open a private security advisory
Please do not disclose vulnerabilities publicly until we’ve had a chance to investigate and release a fix.
| Version | Status | Security Fixes |
|---|---|---|
| v1.x | Actively maintained | ✅ Yes |
| v0.x | Legacy support | ❌ No |
We recommend using the latest release for full security coverage.
We follow responsible disclosure practices. Upon receiving a report, we aim to:
- Acknowledge within 48 hours
- Investigate and reproduce within 5 business days
- Release a patch or mitigation within 14 days, if applicable
Security reports are accepted in English or Persian (فارسی). Please include:
- A clear description of the issue
- Steps to reproduce (if possible)
- Potential impact
This policy covers:
- PyWarp’s proxy engine and networking logic
- Artifact packaging and release workflows
- CI/CD scripts and automation tools
It does not cover third-party dependencies unless explicitly bundled.
If a vulnerability is confirmed and patched, we will:
- Publish a GitHub advisory
- Include details in the changelog (
CHANGELOG.md) - Notify users via release notes