If you discover a security vulnerability in Tensogram, please report it responsibly. Do not open a public GitHub issue.
Instead, please report the vulnerability via the ECMWF Support Portal with the subject line "Tensogram Security Vulnerability".
We will acknowledge receipt within 5 business days and aim to provide an initial assessment within 10 business days.
Security updates are applied to the latest release only.
| Version | Supported |
|---|---|
| Latest | Yes |
| Older | No |
This policy covers the Tensogram library, its Python bindings, the CLI tool, the C/C++ FFI layer, and the xarray and Zarr backend packages.