Only the latest release of uqlm receives security fixes.

| Version | Supported |
|---|---|
| 0.6.x (latest) | ✅ |
| < 0.6.0 | ❌ |

Please do not report security vulnerabilities through public GitHub issues.

To report a vulnerability, use one of the following options:

- GitHub Private Vulnerability Reporting (preferred): Report a vulnerability
- Email: mohitsingh.chauhan@cvshealth.com

Please include as much of the following information as possible:

- Type of issue (e.g., code injection, dependency vulnerability, data exposure)
- Full paths of the source file(s) related to the issue
- Location of the affected source code (tag, branch, commit, or direct URL)
- Steps to reproduce the issue
- Proof-of-concept or exploit code (if available)
- Impact of the issue

We will acknowledge receipt within 72 hours and provide a more detailed response within 7 days indicating the next steps for remediation.