| Version | Supported |
|---|---|
| 0.3.x | ✅ Current |
| < 0.3 | ❌ No |
If you discover a security vulnerability, please report it responsibly:
- DO NOT open a public GitHub Issue
- Email: medpaper-security@example.com
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We will acknowledge receipt within 48 hours and aim to release a fix within 7 days for critical issues.
- Trusted Publishing: PyPI releases use OIDC trusted publishing (no stored API tokens)
- Pre-commit hooks: All commits pass ruff, mypy, bandit security scans
- Dependency scanning: Dependabot monitors for vulnerable dependencies
- No secrets in code: All credentials stored in GitHub Secrets or environment variables