Security Policy

Supported Versions

We are following *CalVer* with generous backwards-compatibility guarantees. Therefore we only support the latest version.

Put simply, you shouldn't ever be afraid to upgrade as long as you're only using our public APIs. Whenever there is a need to break compatibility, it is announced in the changelog, and raises a DeprecationWarning for a year (if possible) before it's finally really broken.

**Warning**

The structure of the attrs.Attribute class is exempt from this rule.

It *will* change in the future, but since it should be considered read-only, that shouldn't matter.

>

However if you intend to build extensions on top of *attrs* you have to anticipate that.

Reporting a Vulnerability

To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.