Security Policy¶
Security Vulnerabilities
If you discover a security vulnerability, please report it responsibly:
View Full Security Policy
For the complete security policy, supported versions, and reporting guidelines, please see:
Quick Overview¶
Supported Versions¶
uptool follows a 6-month support window for security patches:
- Latest minor version: Full support (features, bug fixes, security patches)
- Previous minor version: Security patches only (6 months after next minor release)
- Older versions: No support
Reporting Process¶
- DO NOT create a public GitHub issue
- Use GitHub Security Advisories (private reporting)
- Provide detailed description and reproduction steps
- Allow time for investigation and patch development
Response Timeline¶
- Initial Response: Within 48 hours
- Severity Assessment: Within 1 week
- Patch Development: Varies by severity (1-4 weeks)
- Public Disclosure: After patch is available