Note: This document applies to the Python project template itself. Projects generated from this template will have their own version of this document.

IMPORTANT: Do not open issues that might have security implications! It is critical that security related issues are reported privately so we have time to address them before they become public knowledge.

If you discover a security vulnerability within this project, please follow these steps:

1. Contact the maintainers

2. Provide detailed information about the vulnerability:

• Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting)
• Steps to reproduce the vulnerability
• Affected versions
• Potential impact
• If available, suggestions for addressing the issue

3. Wait for confirmation before any public disclosure:

• We will acknowledge receipt of your report as soon as possible
• We will provide an estimated timeline for a fix
• We will keep you updated on the progress

4. Public disclosure process:

• Please wait until we have released a fix before disclosing publicly
• We will work with you to ensure you are credited for the discovery

This security policy applies to the latest release of the project. Older versions may not be supported.

Security updates will be released as soon as possible after a vulnerability is confirmed. Updates will be published through:

• GitHub releases
• Release notes in the CHANGELOG
• Security advisories when appropriate

When deploying or developing with this project, please consider the following best practices:

• Keep all dependencies up to date
• Review code changes carefully
• Follow least privilege principles in configuration
• Use secure environment variables for sensitive information

Thank you for helping to keep this project secure!