The following versions of indianconstitution are actively supported with security updates:
| Version | Supported |
|---|---|
| v1.3.x | ✅ Active support |
| v1.2.x | ✅ Active support |
| v1.1.x | |
| < v1.1 | ❌ End of life |
We take supply-chain and data integrity security seriously. If you believe you have found a security vulnerability, do not open a public GitHub issue. Instead, follow the responsible disclosure process below:
- Navigate to Security Advisories
- Click "New draft security advisory"
- Provide a clear description, steps to reproduce, potential impact, and any suggested mitigations
Send a detailed report to vikhrams@saveetha.ac.in with:
- Subject:
[SECURITY] IndianConstitution — <brief description> - Steps to reproduce
- Potential impact assessment
- Any suggested fixes or patches
| Stage | Timeline |
|---|---|
| Acknowledgement | Within 48 hours |
| Severity assessment | Within 72 hours |
| Fix / workaround | Within 14 days (critical), 30 days (moderate) |
| Public disclosure | After fix is released and users notified |
This package implements OSSF Scorecard recommendations:
- All GitHub Actions are pinned to immutable SHA hashes (no floating
@mainor@latest) - Dependabot is configured for automated dependency update PRs
- CodeQL static analysis runs on every push to
main - Releases are published via OIDC Trusted Publishing (no long-lived PyPI tokens)
Thank you for helping keep indianconstitution and its users secure!