| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |
If you discover a security vulnerability, please report it responsibly:
- Do not open a public issue
- Email the maintainers directly (see repository for contact)
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Fix timeline: Depends on severity
When using Gemmology packages:
- Keep packages updated to the latest versions
- Review CDL input from untrusted sources
- Be cautious with file paths in CLI tools
- Use virtual environments for isolation