Security issues specific to the Darshan code base itself have so far been rare. The issue label, security is used to identify issues which manifest known security vulnerabilities.

Security issues, when discovered, follow the same process as any other bug fixes. Security issues are triaged and assessed for severity and likelihood. Work to correct security issues is then scheduled as appropriate.

Though the project has so far not encountered urgent security vulnerabilities, should any arise the project will use GitHub's security communication mechanisms to gather information.

In the event the Darshan user community requires notification of a potential urgent security vulnerability, our intention is to provide an update on or about the same time we use our normal communication mechanisms to alert users.

The supported version of Darshan is the latest release. The latest release of Darshan can be found on the releases page on the Darshan's Github repository page.

Any security issues requiring immediate updates to Darshan will be made available, at best, only in the latest release but might also only be made available in the next planned release. A planned release of Darshan may be accelerated in order to address a security issue. On very rare occasions, the Darshan project may re-release an already released version solely to address a specific or severe issue.

Generally, any issues with security implications should be submitted through the project's GitHub security Report a vulnerability button.