We currently support the following versions with security updates:

If you discover a security vulnerability, please follow these steps:

1. Do not open a public issue describing the vulnerability. This could unintentionally expose the vulnerability.
2. Use GitHub's private vulnerability reporting feature to report the vulnerability directly. You can do this by using GitHub's private reporting feature on the repository and clicking "Report a vulnerability."
3. Alternatively, you can contact us directly at [email protected] with the following information:
   • A description of the vulnerability and its potential impact.
   • Steps to reproduce the vulnerability.
   • Any potential fixes or mitigations you have in mind.

We will acknowledge your report within 48 hours and work with you to address the issue promptly. We will keep you updated on our progress throughout the process.

We prefer all communications to be in English.

• We will work with you to coordinate a safe and timely disclosure.
• Once a fix is implemented, we will release it and publish a security advisory.
• If you wish to be credited for discovering the vulnerability, we are happy to acknowledge your contribution.

• We aim to release security updates as soon as possible after discovering or being notified of a vulnerability.
• All security updates will be documented in the CHANGELOG with detailed descriptions of the changes.

We appreciate your efforts to help improve the security of spaCy-EWC. Thank you for helping keep our project and community safe!

For any additional questions regarding our security policy, please reach out to us at [email protected].