Version | Python Support | Node.js Support |
---|---|---|
2.x.x | ✅ | ✅ |
1.x.x | ✅ | ✅ |
< 1.0 | ❌ | ❌ |

We take the security of TurboTask seriously. If you believe you have found a security vulnerability, please report it to us as described below.
- DO NOT create a public GitHub issue for the vulnerability.
- Email your findings to fector101@yahoo.com
- Include the following information:
  - Description of the vulnerability
  - Steps to reproduce
  - Possible impact
  - Suggested fix (if any)
  - Your contact information for follow-up

- Response Time: We aim to respond within 48 hours with confirmation of receipt.
- Updates: We will keep you informed about the progress of fixing the vulnerability.
- Disclosure: Once fixed, we will coordinate with you on the disclosure timeline.

When using TurboTask:
- Always verify file permissions before processing
- Use the latest stable version
- Run with appropriate user permissions
- Validate input files before processing
- Monitor output directories for unexpected changes
- Input validation on all file operations
- Safe path handling
- No arbitrary code execution
- Controlled file system access
- Strict input validation
- Sanitized file paths
- Limited scope of operations
- Controlled dependencies
```bash
pip install TurboTask --user
npm install turbotask --production
```
- Security updates are released as soon as possible
- Critical vulnerabilities trigger immediate patch releases
- Updates are announced via GitHub releases
- Subscribe to GitHub releases for notifications

Currently, we do not have a bug bounty program, but we deeply appreciate security researchers who take the time to report vulnerabilities.

We maintain a list of security researchers who have helped improve TurboTask's security. Contributors will be acknowledged (with permission) in our releases.

Last updated: November 2024