Pywikibot Security Policy

Reporting a Vulnerability

To report a security vulnerability in Pywikibot, please contact the maintainers via Phabricator task or via email at security@pywikibot.org. We will acknowledge receipt of your report within 2 business days and aim to provide a resolution within 30 days, depending on the severity of the issue.

Security Updates

Pywikibot supports security updates for the latest stable release. Older versions may not receive security updates. Security updates will be made available through PyPI, the nightlies dump, the gerrit repository and the GitHub mirror. Users are advised to upgrade to the latest version to mitigate potential vulnerabilities.

Disclosure Policy

We follow a responsible disclosure process. After a vulnerability is fixed, we will publish a security advisory detailing the issue and the steps taken to resolve it. The advisory will be available on the GitHub repository and communicated to users through the mailing list.

Security Resources

• GitHub Security Advisories: https://docs.github.com/en/github/managing-security-vulnerabilities/creating-a-security-advisory

• PyPI Security: https://pypi.org/security/

• MediaWiki Security for Developers: https://www.mediawiki.org/wiki/Security_for_developers