We actively maintain the following versions of the python-amazon-sp-api library. Security updates will be provided for these versions:

| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| 0.x.x | ❌ |

If you discover a security vulnerability in this project, we appreciate your responsible disclosure. Please follow the steps below to report it:

- Slack

  Send a detailed report to Michael or saleweaver in the Slack channel. An invite to the channel is available in the README. Please include the following in your report:
  - A description of the vulnerability.
  - Steps to reproduce the issue.
  - Any potential impact it may have.
  - Your recommendations for fixing the vulnerability (if applicable).

- Do Not Publicly Disclose

  Please do not publicly disclose any vulnerabilities until we have had an opportunity to investigate and issue a fix.

- Acknowledgment

  We will acknowledge receipt of your report within 48 hours and provide an estimated timeline for resolution. Once the vulnerability has been resolved, we will notify you before publishing any fixes.

Upon receiving a security vulnerability report, we will:
- Investigate the report and verify the vulnerability.
- Develop a fix or workaround.
- Release a patch in a timely manner.
- Credit the reporter (if applicable and desired) in the release notes.
We encourage users of python-amazon-sp-api to follow these best practices to protect their systems:
- Keep your environment and dependencies up to date.
- Use secure authentication methods when accessing the Amazon SP-API.
- Avoid hardcoding credentials in your source code or version control.
- Regularly review and audit your usage of this library for security concerns.
We value the efforts of the security community in helping keep this project safe and secure for everyone.