Security: hinanohart/conformlock

SECURITY.md

Security Policy

conformlock is pre-alpha and not intended for production deployment. That said, the project ships a "tamper-evident audit ledger" claim and references the EU AI Act Article 15, both of which create a reasonable expectation that we treat reported vulnerabilities seriously.

Supported versions

Only the latest pre-alpha release receives fixes. Older tags are kept on GitHub for audit-trail continuity but are marked superseded.

| Version  | Supported |
|----------|-----------|
| v0.1.0a3 | ✅ (latest pre-alpha release) |
| v0.1.0a2 | ❌ superseded same day (see release notes) |
| v0.1.0a1 | ❌ superseded same day (see release notes) |

Reporting a vulnerability

Please do not open a public GitHub issue for security-sensitive findings. Use GitHub's private vulnerability reporting:

  • GitHub Security Advisory (canonical channel): use the private vulnerability reporting form on this repository. This creates an auditable record visible to the project maintainer only, supports embargo coordination, and is preferred over any other channel.
  • If you cannot use the GitHub form (e.g., no GitHub account), open an empty public issue titled `Security: contact requested` with no vulnerability details, and the maintainer will reach out to coordinate a private channel.

When reporting, please include:

  • The conformlock version (`python -c "import conformlock; print(conformlock.__version__)"`).
  • A minimal reproducer (Python snippet, ledger file, or stream of inputs).
  • The observed behaviour and the expected behaviour.
  • The threat-model class you believe is in scope (see below).

In-scope threat model

  • Ledger tamper detection bypass under single-writer assumption: any input pattern that causes verify_chain to return True for a chain whose payload was altered in place after append. The single-writer assumption itself is in scope as a documentation ambiguity if the README headline misleads on it.
  • Verifier façade soundness: any composition of Verifier, ConformalCalibrator / ACICalibrator, LTLfSpec, and the bundled drift detectors that produces a ledger row whose verdict does not match what the individual components would have produced when used directly.
  • Denial-of-service via input shape: any input under the documented API surface (Decision, Outcome, Ledger.append) that causes the library to consume non-linear memory or hang.
  • CI / supply-chain integrity: anything that lets a malicious PR bypass the Test (3.10/3.11/3.12), Build wheel + sdist, or Honest-marketing grep required status checks on main.

Out of scope

  • Multi-process or multi-machine writes to the same ledger file. The ledger documentation states the single-writer assumption explicitly; defeating it under multi-writer concurrency is a documented limitation, not a vulnerability.
  • Defeating tamper-detection by replacing the entire ledger file with a freshly constructed valid chain. External anchoring (Sigstore / Rekor) is on the v0.2 roadmap; until then, the library does not claim to defend against this.
  • Producing false positives or negatives from ConformalCalibrator under distribution drift. Conformal coverage guarantees are exchangeability-conditional; this is documented in the README.
  • Reports against superseded tags (v0.1.0a1, v0.1.0a2). Please reproduce against v0.1.0a3 (or the current main HEAD) first.
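To make the boundary between the first in-scope item (in-place payload alteration defeating `verify_chain`) and the second out-of-scope item (wholesale replacement with a freshly built valid chain) concrete, here is an added example of a minimal single-writer hash-chain ledger. It is illustrative code written for this page, not conformlock's implementation: the row layout, the SHA-256-over-canonical-JSON link construction, the `GENESIS_HASH` sentinel, and the `verify_against_anchor` helper are all assumptions; only the name `verify_chain` comes from the policy text.

```python
import copy
import hashlib
import json
from typing import Any, Dict, List

Row = Dict[str, Any]
GENESIS_HASH = "0" * 64  # assumed sentinel meaning "no previous row"


def _row_hash(prev_hash: str, payload: Dict[str, Any]) -> str:
    """Hash the previous row's hash together with a canonical JSON encoding
    of the payload, so key order cannot change the digest (assumed scheme)."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode("utf-8")).hexdigest()


def append(chain: List[Row], payload: Dict[str, Any]) -> Row:
    """Single-writer append: link the new row to the current head."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_HASH
    row = {"prev": prev_hash, "payload": payload, "hash": _row_hash(prev_hash, payload)}
    chain.append(row)
    return row


def verify_chain(chain: List[Row]) -> bool:
    """Recompute every link. An in-place edit to a payload breaks that row's
    own hash; an edit to a stored hash breaks the next row's prev link."""
    expected_prev = GENESIS_HASH
    for row in chain:
        if row["prev"] != expected_prev:
            return False
        if _row_hash(row["prev"], row["payload"]) != row["hash"]:
            return False
        expected_prev = row["hash"]
    return True


def head_hash(chain: List[Row]) -> str:
    return chain[-1]["hash"] if chain else GENESIS_HASH


def verify_against_anchor(chain: List[Row], anchored_head: str) -> bool:
    """Chain validity plus agreement with a head hash stored out of band
    (the role an external anchor such as a transparency log would play)."""
    return verify_chain(chain) and head_hash(chain) == anchored_head


def build_sample_chain() -> List[Row]:
    """Constructed sample rows, not real conformlock ledger output."""
    chain: List[Row] = []
    for decision_id, verdict in enumerate(["PASS", "PASS", "FAIL"]):
        append(chain, {"decision_id": decision_id, "verdict": verdict})
    return chain


def tamper_in_place(chain: List[Row]) -> List[Row]:
    """In-scope case: flip the last verdict without recomputing hashes."""
    tampered = copy.deepcopy(chain)
    tampered[-1]["payload"]["verdict"] = "PASS"
    return tampered


def rebuild_with_altered_payloads(chain: List[Row]) -> List[Row]:
    """Out-of-scope case: a fresh, internally consistent chain in which every
    FAIL verdict has been rewritten. Only an external anchor can catch this."""
    fresh: List[Row] = []
    for row in chain:
        payload = dict(row["payload"])
        if payload.get("verdict") == "FAIL":
            payload["verdict"] = "PASS"
        append(fresh, payload)
    return fresh


if __name__ == "__main__":
    original = build_sample_chain()
    anchor = head_hash(original)  # value a writer would publish out of band
    print("intact chain verifies:", verify_chain(original))
    print("in-place edit detected:", not verify_chain(tamper_in_place(original)))
    rebuilt = rebuild_with_altered_payloads(original)
    print("rebuilt chain passes verify_chain:", verify_chain(rebuilt))
    print("rebuilt chain fails anchor check:", not verify_against_anchor(rebuilt, anchor))
```

Running the module shows the two behaviours the policy distinguishes: `verify_chain` rejects the in-place edit but accepts the rebuilt chain, and only the comparison against an externally held head hash rejects the latter, which is why whole-file replacement is documented as a limitation until external anchoring lands.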

Response SLA (informal)

Because this is a single-maintainer pre-alpha library, response times are best-effort:

  • Acknowledgement: within 7 calendar days.
  • Triage decision: within 14 calendar days.
  • Fix release: depends on severity; HIGH/CRITICAL findings are typically patched same-day or within 7 calendar days, following the same "superseded but not deleted" release pattern used by v0.1.0a1 → a2 → a3.

If you have not received an acknowledgement within 7 days, please ping the same GitHub Security Advisory thread with a [REMINDER] comment so the maintainer gets a fresh notification.

Disclosure

We follow coordinated disclosure: please give us a reasonable window to ship a fix before public disclosure (typically 30–90 days for non-actively-exploited issues; immediate for issues already known to be exploited). After the fix release, we will credit reporters in the release notes unless they request otherwise.

Acknowledgements

No reports yet. Be the first.