This repository is maintained for academic and research purposes.
Security fixes are provided only for the latest version on the default branch.
| Version | Supported |
|---|---|
| Latest (main) | ✅ |
| Older releases | ❌ |
This project uses GitHub Private Vulnerability Reporting.
Please report security issues privately using GitHub Security Advisories:
https://github.com/TechMLW/QuantFP/security/advisories/new
Do not open public GitHub issues for security vulnerabilities.
- Clear description of the vulnerability
- Steps to reproduce (proof-of-concept if possible)
- Potential impact and severity
- Suggested mitigation (optional)
- Initial acknowledgment: within 72 hours
- Status update: within 7 days
This repository is part of university-level research and follows standard academic security practices:
- Code is provided as-is for educational use
- No guarantees of production-level security
- Users are responsible for validating results before real-world use
Dependencies are defined in docs/requirements.txt and monitored automatically via GitHub Dependabot.
Recommended user practices:
- Use isolated virtual environments
- Keep dependencies updated
- Run local security checks:
  - `pip-audit`
  - `safety`
  - static analysis tools
- Responsible disclosure is appreciated
- Public disclosure must not occur before a fix or mitigation is released
- Vulnerabilities affecting third-party libraries should be reported to their maintainers
This software is provided for academic and research use only, without warranty of any kind.
The maintainers are not responsible for misuse, data loss, or downstream impacts.
Thank you for helping maintain a secure research environment.