DeepLog follows semantic versioning. Security fixes are applied to the most recent minor release of the latest major version.

Please do not file public GitHub issues for security vulnerabilities.

If you discover a security vulnerability in DeepLog, please report it privately by emailing the maintainers at the DTAI Research Group, KU Leuven. You can find current contact addresses on the DTAI website. Alternatively, use GitHub's private vulnerability reporting at https://github.com/ML-KULeuven/deeplog/security/advisories/new.

When reporting, please include:

• A description of the issue and its potential impact.
• Steps to reproduce the vulnerability (a minimal proof of concept is ideal).
• The DeepLog version and Python version you tested against.
• Any suggested mitigations or patches, if you have them.

We aim to acknowledge new reports within 5 business days. After triage we will work with you on a coordinated disclosure timeline, typically targeting a patched release within 30 days for high-impact issues. Credit will be given in the release notes unless you prefer to remain anonymous.