If you believe you've found a security issue in regain (for example, a
leaked credential in a committed file, an unsafe deserialisation path,
or a dependency advisory that affects users), please do not open a
public GitHub issue.
Instead, report it privately via GitHub Security Advisories:
https://github.com/fdtomasi/regain/security/advisories/new

Include:
- A short description of the issue.
- Steps to reproduce, or a pointer to the affected file/commit.
- Your assessment of impact, if you have one.

You can expect an initial reply within a week. There is no bug bounty.

Only the latest released version on PyPI / Anaconda receives security fixes. Older versions are best-effort.