We take the security of freshdata seriously. This document explains which versions receive security fixes and how to report a vulnerability responsibly.
Security fixes are applied to the latest released version. We generally do not backport fixes to older releases — please upgrade to the latest.
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |
Please do not open a public GitHub issue for security vulnerabilities.
Instead, report privately using either of the following:
- GitHub Security Advisories (preferred) — open a private report at https://github.com/FreshCode-Org/freshdata/security/advisories/new.
- Email — contact the maintainer at jyothiswaroop2803@gmail.com with
the subject line
freshdata security.
Please include:
- A description of the vulnerability and its impact.
- Steps to reproduce (a minimal
pandas/freshdatasnippet is ideal). - The
freshdataversion and Python version affected.
- Acknowledgement within 5 business days.
- An initial assessment and severity classification within 10 business days.
- Coordinated disclosure: we will agree on a timeline before any public details are released, and credit reporters who wish to be named.
freshdata processes user-supplied tabular data in-memory. Reports of memory
exhaustion on adversarial inputs, unsafe deserialization, or code execution via
crafted data files are in scope. General data-quality bugs should be filed as
regular GitHub issues instead.