| Version | Supported |
|---|---|
| 1.3.x | ✅ |
| < 1.3 | ❌ |
If you discover a security issue, please do not open a public GitHub issue.
Instead, report it privately by emailing mostafa.uwsgi@gmail.com.
Include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if you have one)
You should receive a response within 7 days. If the issue is confirmed, we will:
- Acknowledge the report
- Work on a fix
- Release a patched version
- Credit you in the changelog (unless you prefer to remain anonymous)
Protolizer is a serialization library. When using it in API handlers:
- Validate all untrusted input with
.is_valid()before calling.protobuf - Be aware that
ParseDictbehavior depends on yourprotobufversion - Avoid reusing serializer instances across requests if hooks mutate shared state
- Do not pass untrusted data to
pre_serializehooks without review