Skip to content

Add note on unexpected exceptions to security policy #1825

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
StanFromIreland merged 3 commits into from
Jun 15, 2026
+2 −0
Merged

Add note on unexpected exceptions to security policy #1825

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
d419c66
Add note on unexpected exceptions to secuirty policy
StanFromIreland Jun 4, 2026
90d59bd
Ooops update sentence below too
StanFromIreland Jun 4, 2026
83b83f4
Seth's suggestion (- "arbitrary")
StanFromIreland Jun 15, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions security/policy.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,8 @@ triggerable with data inputs that are reasonably sized for the use case.
Availability vulnerabilities must also demonstrate an "upward" change in posture
for the attacker, rather than a "lateral" one.
This is to avoid handling performance improvements as security vulnerabilities.
Exceptions are an expected part of control flow when processing inputs,
therefore crashes resulting from unhandled exceptions are not security vulnerabilities.

Vulnerabilities in dependencies of Python (such as zlib, Tcl/Tk, or OpenSSL)
are not vulnerabilities in Python unless Python's use of the dependency
Expand Down
Loading