3.7 or above
- Update dependencies to the latest stable version
- Build SBOM for the project
- Perform SAST (Static Application Security Testing) where possible
- No binaries in repository
- No passwords, keys, or access tokens in source code
- No "Critical" and/or "High" vulnerabilities in contributed source code
Please use email mailto:[email protected] to report security issues or anything else that could have consequences for security.
Please avoid any public disclosure (including registering issues) at least until the issue is fixed.
Thank you in advance for understanding.