We release patches for security vulnerabilities for the following versions:

| Version | Supported |
|---|---|
| 1.0.x | ✅ |

If you discover a security vulnerability in b58uuid-py, please report it by emailing:
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We will respond within 48 hours and work with you to understand and address the issue.
b58uuid-py includes overflow detection to prevent integer overflow attacks during decoding. The library validates that decoded values do not exceed the maximum UUID value (2^128 - 1).
All inputs are validated before processing:
- UUID strings must be valid UUID format
- Base58 strings must be exactly 22 characters
- Base58 strings must contain only valid Base58 characters
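
The checks listed above, written out as an added example (not b58uuid-py's own code): length, alphabet, and the range check against 2^128 - 1. The Bitcoin-style alphabet, the `1` left-padding and all function names here are assumptions.

```python
import uuid

# Assumption: Bitcoin-style Base58 alphabet (no 0, O, I, l); the page does not name one.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
INDEX = {ch: i for i, ch in enumerate(ALPHABET)}
ENCODED_LEN = 22            # 58**21 < 2**128 <= 58**22, so 22 digits are needed
MAX_UUID = (1 << 128) - 1   # largest value a UUID can hold


def encode_int(n: int) -> str:
    """Encode n as exactly 22 Base58 digits, left-padded with '1' (digit zero)."""
    if not 0 <= n < 58 ** ENCODED_LEN:
        raise ValueError("value does not fit in 22 Base58 digits")
    digits = []
    for _ in range(ENCODED_LEN):
        n, rem = divmod(n, 58)
        digits.append(ALPHABET[rem])
    return "".join(reversed(digits))


def decode_uuid(text: str) -> uuid.UUID:
    """Decode a 22-character Base58 string, rejecting anything out of range."""
    if not isinstance(text, str) or len(text) != ENCODED_LEN:
        raise ValueError("Base58 UUID must be a string of exactly 22 characters")
    n = 0
    for pos, ch in enumerate(text):
        digit = INDEX.get(ch)
        if digit is None:
            raise ValueError(f"invalid Base58 character at position {pos}")
        n = n * 58 + digit
    # 22 digits can encode up to 58**22 - 1, which is larger than 2**128 - 1,
    # so a well-formed string can still be out of range for a UUID.
    if n > MAX_UUID:
        raise ValueError("decoded value exceeds 2**128 - 1")
    return uuid.UUID(int=n)


def parse_untrusted(text):
    """Caller-side handling: return None instead of propagating ValueError."""
    try:
        return decode_uuid(text)
    except ValueError:
        return None


SAMPLE = uuid.UUID("123e4567-e89b-12d3-a456-426614174000")  # constructed sample
```
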
b58uuid-py uses only Python's standard library, reducing the attack surface from third-party dependencies.
When using b58uuid-py:
- Validate inputs: Always validate UUIDs from untrusted sources
- Handle errors: Catch and handle `ValueError` exceptions appropriately
- Use latest version: Keep the library updated to get security fixes
- Review changes: Check CHANGELOG.md for security-related updates
- Security issues are fixed as soon as possible
- Fixes are released in patch versions
- Security advisories are published on GitHub
- Credits are given to reporters (unless they prefer to remain anonymous)