
Security: abhimehro/ctrld-sync

SECURITY.md

Security Policy

Supported Versions

This project is currently in early development. We provide security updates for the latest release version.

Version Supported
0.1.x
< 0.1

Note: As this is a pre-1.0 project (v0.1.x), backward compatibility is not guaranteed between minor versions (e.g., 0.1.x → 0.2.x). The API and security posture may change between releases. We recommend always using the latest version.

Reporting a Vulnerability

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly:

How to Report

  1. DO NOT open a public GitHub issue for security vulnerabilities.
  2. Use GitHub's private vulnerability reporting to open a confidential security advisory.
  3. Include the following in your report:
    • Description of the vulnerability
    • Steps to reproduce the issue
    • Potential impact
    • Suggested fix (if available)

What to Expect

  • Initial Response: Acknowledgment of receipt within 48-72 hours
  • Status Updates: We'll keep you informed as we investigate and work on a fix
  • Resolution Timeline: Depends on severity and complexity, typically within 7-14 days for critical issues
  • Credit: With your permission, we'll acknowledge your contribution in the security advisory and release notes

Security Best Practices

When using this tool:

  • Store your Control D API token securely (use a .env file and never commit it)
  • Keep your Python environment and dependencies up to date
  • Review the code before running, especially when syncing to production profiles
  • Use dedicated API tokens with minimal necessary permissions
