If you discover a security vulnerability in this package, please report it responsibly.
DO NOT open a public GitHub issue for security vulnerabilities.
- Email: security@omnifolio.app
- Include a description of the vulnerability
- Include steps to reproduce if possible
- We will acknowledge receipt within 48 hours
This package interacts with the SEC EDGAR public API. Security concerns may include:
- Injection vulnerabilities in HTML/XML parsing
- Denial of service through malformed input
- Information disclosure through error messages
- 48 hours: Acknowledgement
- 7 days: Initial assessment
- 30 days: Fix release (for confirmed vulnerabilities)
| Version | Supported |
|---|---|
| 1.x | ✅ |
| < 1.0 | ❌ |