Quantiles provides security fixes for the latest released versions of actively maintained open source project components.
| Component | Supported |
|---|---|
Latest qt CLI release |
Yes |
| Latest Python SDK release | Yes |
| Older releases | No, unless explicitly stated in release notes |
Please do not report security vulnerabilities through public GitHub issues, discussions, pull requests, or other public forums.
Instead, please send them to security@quantiles.io.
Please include as much of the information below as you can. This will help us understand the nature and scope of the potential issue.
- A description of the vulnerability and likely impact
- Steps to reproduce, proof of concept, or affected command/API route
- Affected component(s), such as
qt, the Python SDK, localqtserver API, dataset loader, or export path - Affected versions, commits, packages, or deployment environment
- Whether the issue involves secrets, authentication, local
.quantiles/artifacts, model outputs
Do not include real PHI, private customer datasets, secrets, API keys, access tokens, or full .quantiles/ databases in vulnerability reports.
We aim to acknowledge vulnerability reports within 3 business days.
We prefer all communications to be in English.