PhaseBridge provides strict, lossless conversion guarantees. We take security and integrity seriously.
We support the latest minor release of the SDK and PIF v1.x.
| Version | Status |
|---|---|
| PIF v1.x | Supported |
| SDK 0.1.x | Supported |
| Older releases | Best-effort, please upgrade |
If you find a potential security or integrity issue, please report it privately:
- Email: anvifedotov.biz@gmail.com
- Subject:
[SECURITY] <short description> - Include: affected version(s), steps to reproduce, sample inputs, environment.
We’ll acknowledge within 5 business days and provide updates until resolution.
Please do not open public issues for suspected vulnerabilities.
- Integrity violations — decode differs from original while
meta.hash_rawpasses. - Validation gaps — malformed or out-of-range PIF accepted.
- CLI injection — unsafe handling of input paths or arguments.
- Denial-of-service — unbounded memory or CPU usage on crafted inputs.
- A patched release will be published.
SECURITY.mdandCHANGELOG.mdwill be updated.- A public advisory (e.g. GitHub Security Advisory) may be issued.
ℹ️ More detailed notes on hardening and cryptographic considerations are in
docs/security_notes.md.