We take the security of JobSense and its associated models, dataset, and demo spaces seriously. If you believe you have found a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.
Only the latest release of JobSense is actively supported for security patches.

| Version | Supported | Notes |
|---|---|---|
| v1.0.x | ✅ Yes | Active release |
| < v1.0 | ❌ No | Development / pre-releases |

Please do not open a public issue for security-related items.
Instead, report security vulnerabilities by reaching out directly to the maintainer:
- Contact Email/GitHub: Please contact Mantra Raval via GitHub at https://github.com/mantraraval.
- Scope: This policy covers the JobSense repository, fine-tuning scripts, weight-merging scripts, local deployment wrappers, and the Hugging Face Space demo.
When reporting a vulnerability, please include the following details:
- A descriptive title and detailed summary of the vulnerability.
- Step-by-step instructions (or a Proof of Concept script) to reproduce the issue.
- The potential impact of the vulnerability (e.g., prompt injection, remote code execution in the demo space, deserialization vulnerabilities in model or weight loading, etc.).
- The environment where the vulnerability was observed (OS, library versions, hardware context).
After receiving your report, the maintainer will:
- Acknowledge receipt of your report within 48 hours.
- Work to verify and reproduce the vulnerability.
- Draft a patch or mitigation strategy.
- Coordinate a release date for the security update.
- Provide credit to the reporter (if desired) in the release notes.
We ask that you do not disclose the vulnerability publicly until a fix has been released or we have agreed on a coordinated disclosure timeline.