|
a |
|
b/SECURITY.md |
|
|
1 |
# Security Policy |
|
|
2 |
|
|
|
3 |
## Supported Versions |
|
|
4 |
|
|
|
5 |
New minor versions of MNE-Python are typically released twice per year. |
|
|
6 |
Only the most current stable release is officially supported. |
|
|
7 |
The unreleased, unstable "dev version" is also supported, though users |
|
|
8 |
should beware that the API of the dev version is subject to change |
|
|
9 |
without a proper 6-month deprecation cycle. |
|
|
10 |
|
|
|
11 |
| Version | Supported | |
|
|
12 |
| ------- | ------------------------ | |
|
|
13 |
| 1.9.x | :heavy_check_mark: (dev) | |
|
|
14 |
| 1.8.x | :heavy_check_mark: | |
|
|
15 |
| < 1.8 | :x: | |
|
|
16 |
|
|
|
17 |
## Reporting a Vulnerability |
|
|
18 |
|
|
|
19 |
MNE-Python is software for analysis and visualization of brain activity |
|
|
20 |
recorded with a variety of devices/modalities (EEG, MEG, ECoG, fNIRS, etc). |
|
|
21 |
It is not expected that using MNE-Python will lead to security |
|
|
22 |
vulnerabilities under normal use cases (i.e., running without administrator |
|
|
23 |
privileges). However, if you think you have found a security vulnerability |
|
|
24 |
in MNE-Python, **please do not report it as a GitHub issue**, in order to |
|
|
25 |
keep the vulnerability confidential. Instead, please report it to |
|
|
26 |
mne-core-dev-team@groups.io and include a description and proof-of-concept |
|
|
27 |
that is [short and self-contained](http://www.sscce.org/). |
|
|
28 |
|
|
|
29 |
Generally you will receive a response within one week. MNE-Python does not |
|
|
30 |
award bounties for security vulnerabilities. |