We take the security of the Stratix Python SDK seriously. Thanks for helping us keep it safe.
Do not file a public GitHub issue for security vulnerabilities.
Email support@layerlens.ai with the subject line "Security report: stratix-python" and include:
- A description of the vulnerability and where it lives in the codebase.
- Steps to reproduce, including any proof-of-concept code if you have it.
- The version of `layerlens` you tested against (`pip show layerlens`).
- Your assessment of the impact (data exposure, RCE, auth bypass, denial of service, etc.).
- Whether you would like credit in the disclosure, and if so, how you would like to be credited.
We will acknowledge receipt within 3 business days, give you an initial assessment within 7 business days, and keep you updated as we work on a fix.
In scope:
- The `layerlens` Python package published to PyPI.
- Source code in this repository (`src/`, `tests/`, `samples/`, `scripts/`).
- The `stratix` CLI binary distributed with the SDK.
Out of scope (please report to the relevant team instead):
- Vulnerabilities in the hosted Stratix platform itself (stratix.layerlens.ai). Email support@layerlens.ai with subject "Security report: Stratix platform."
- Third-party dependencies. Please file with the upstream project.
- Issues that require physical access to a user's machine.
We provide security fixes for the latest minor release of layerlens. Older versions may receive fixes at our discretion.
| Version | Supported |
|---|---|
| 1.6.x | Yes |
| < 1.6 | No, please upgrade |
We follow coordinated disclosure. Once a fix is released, we will publish an advisory on the GitHub Security Advisories page and credit the reporter unless they prefer to remain anonymous.
Thanks for keeping the community safe.