You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: SECURITY.md
+14-1Lines changed: 14 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,4 +8,17 @@ The `main` branch is the supported development line for `safejson`.
8
8
9
9
Please report dependency issues, malformed-input crashes, or other security concerns through GitHub's private vulnerability reporting when available, or by opening a minimal public issue without exploit payloads.
10
10
11
-
For untrusted input, callers should apply reasonable size limits before passing data into this project.
11
+
Useful reports include:
12
+
13
+
- Inputs that trigger `RecursionError`, `MemoryError`, process crashes,
14
+
or non-linear runtime before a configured limit fires.
15
+
- Cases where `allow_nan=False`, duplicate-key rejection, or a `Limits`
16
+
ceiling is bypassed.
17
+
- Packaging or CI changes that install a different source tree than the
18
+
tested package.
19
+
20
+
For untrusted input, callers should still apply a transport-level byte
21
+
limit before passing data into this project. `safejson` enforces JSON
22
+
structure and decoded string/container limits after input has already
23
+
arrived in memory; it is not a streaming network reader and it is not a
0 commit comments