This document outlines security policy and procedures for the CrowdStrike omigo-data-analytics project.
- Supported Python versions
- Supported versions
- Reporting a potential security vulnerability
- Disclosure and Mitigation Process
Project functionality is unit tested to run under the following versions of Python.
| Version | Supported |
|---|---|
| 3.9.x |  |
| 3.8.x | |
| 3.7.x | |
| 3.6.x | |
| <= 3.5 |  |
| <= 2.x.x | |
When discovered, we release security vulnerability patches for the most recent release at an accelerated cadence.
We accept security-related vulnerability reports via bug reports or pull requests.
Please report suspected security vulnerabilities by:
- Submitting a bug.
- Submitting a pull request to potentially resolve the issue.
Upon receiving a security bug report, the issue will be assigned to one of the project maintainers. This person will coordinate the related fix and release process, involving the following steps:
- Communicate with you to confirm we have received the report and provide you with a status update.
- You should receive this message within 48 - 72 business hours.
- Confirmation of the issue and a determination of affected versions.
- An audit of the codebase to find any potentially similar problems.
- Preparation of patches for all releases still under maintenance.
- These patches will be submitted as a separate pull request and contain a version update.
- This pull request will be flagged as a security fix.
- Once merged, and after post-merge unit testing has been completed, the patch will be immediately published to both PyPI repositories.
If you have suggestions on how this process could be improved, please let us know by opening an issue.