Groupie is inherently not a user-facing library, so possible vectors for exploitation seem small to me. That said, in the event of a security vulnerability being found, this document describes how to report it.
Because this is a small library with infrequent updates, I will accept bug and security reports for the current minor version. Severe issues might be backported to previous minor versions. I'll handle this on a case-by-case basis.
For low-risk issues, you can create an issue or PR. For high-risk issues, you can email me at [email protected].
Once we have successfully handled a security vulnerability, we'll add an attribution to the list below.