Security fixes are applied to the latest release on the default branch. Older versions are evaluated on a best-effort basis.
Please do not report security vulnerabilities through public GitHub issues.
Instead, report them privately via one of the following channels:
- GitHub's private vulnerability reporting (preferred).
- Email the maintainers at the address listed on the SOPHGO website.
When reporting, please include:
- A clear description of the issue and its impact.
- Steps to reproduce, ideally with a minimal proof-of-concept.
- The affected version(s) (commit SHA or pip show tpu_mlir).
- Any relevant logs, stack traces, or sample inputs.
We will acknowledge your report, investigate, and coordinate a fix and disclosure timeline with you. Please give us reasonable time to respond before any public disclosure.
Thank you for helping keep TPU-MLIR and its users safe.