The Open Omni-Cloud team and community take the security of the tck-py project seriously. We appreciate your efforts to responsibly disclose your findings, and we will make every effort to acknowledge your contributions.
As this is a new project, only the latest versions are actively being monitored for security vulnerabilities. Please ensure you are using the most recent release.
| Version | Supported |
|---|---|
0.1.x |
✅ |
We are committed to working with the community to resolve security issues.
**Please do NOT report security vulnerabilities through public GitHub issues.**
Instead, please report them privately using one of the following methods:
-
GitHub's Private Vulnerability Reporting: This is the preferred method. You can submit a report directly and securely through the "Security" tab of our GitHub repository.
-
Email: If you prefer, you can send an email to the project maintainers at:
security@openomnicloud.org
After you submit a report, you should receive an acknowledgment within 48 hours. We will then coordinate with you to:
- Confirm the vulnerability.
- Determine the scope and impact.
- Develop a patch.
- Release a new, patched version of the TCK.
- Publicly credit you for your discovery (if you wish).
We kindly ask that you do not disclose the vulnerability publicly until a patched version has been released.