| Version | Supported |
|---|---|
| 0.7.x | ✅ |
| < 0.7 | ❌ |
If you discover a security vulnerability in nirs4all, please do not open a public GitHub issue.
Instead, report it privately via one of the following channels:
- GitHub Security Advisories: Use the "Report a vulnerability" button on the Security tab of this repository.
- Email: Contact the maintainer directly at gregory.beurier@cirad.fr with the subject line
[SECURITY] nirs4all vulnerability.
Please include:
- A description of the vulnerability and its potential impact
- Steps to reproduce the issue
- Any suggested mitigations (if known)
We aim to acknowledge reports within 5 business days and to provide a fix or mitigation within 30 days for confirmed issues.
This policy covers the nirs4all Python library published on PyPI.
Security issues in optional dependencies (TensorFlow, PyTorch, JAX, etc.) should be reported directly to those projects.