This project uses a rolling release strategy. Each push (merge) to the main branch triggers GitHub Actions to automatically release a new version. All bug fixes are committed directly to the main branch and published in the latest release.
No effort will be spent on backporting bug fixes to previous versions!
| Version | Supported |
|---|---|
| last main | ✅ |
| all other releases | ❌ |
In addition, Python libraries in this project are only released for recent Python versions.
This project contains multiple repositories, each with different responsibilities, and therefore also different risks regarding vulnerabilities. You can report the vulnerabilities in the issues as a bug.
power-grid-model is a calculation library without network
connections or authentication.
It is, however, possible that there are vulnerabilities in the form of (C++) bugs.
Please refer to our assurance case regarding
different types of bugs and vulnerabilities
and undefined behavior,
as well as the respective trust boundaries.
You can report the vulnerabilities in the issues as a bug.
power-grid-model-ds is a data science library that processes
datasets and configuration that may be user-provided.
Treat all external inputs as untrusted, validate formats/schemas where possible and avoid unsafe deserialization
(e.g. pickle) for untrusted files.
If the visualizer is installed and used, note that it runs a local web server and opens a TCP port.
power-grid-model-io is a data conversion library and
contains user configuration in the form of custom mappings and filters via a YAML file.
To prevent code injection during loading, yaml.safe_load is used.
In addition, execution is restricted to specific white-listed functions and modules.
Please refer to the relevant
security considerations
for more information.
You can report the vulnerabilities in the issues as a bug.
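
The allow-list restriction described above for power-grid-model-io can be sketched as follows. This is an added example, not the project's own code: the `ALLOWED` table, the `resolve` and `apply_mapping` helpers and the mapping layout are assumptions made for illustration. The sample mappings are written as the plain dicts that `yaml.safe_load` returns, so the example needs no third-party package.

```python
import importlib

# Hypothetical allow-list (an assumption for this example, not the project's
# real list): module name -> function names a mapping file may reference.
ALLOWED = {
    "math": {"sqrt", "hypot"},
    "operator": {"add", "mul"},
}


class DisallowedFunction(ValueError):
    """Raised when a mapping names a function outside the allow-list."""


def resolve(dotted):
    """Return the callable for 'module.function' only if it is allow-listed."""
    if not isinstance(dotted, str):
        raise DisallowedFunction(f"not a function name: {dotted!r}")
    module_name, _, func_name = dotted.rpartition(".")
    # Check BEFORE importing: importing a module already executes its code.
    if func_name not in ALLOWED.get(module_name, ()):
        raise DisallowedFunction(dotted)
    return getattr(importlib.import_module(module_name), func_name)


def apply_mapping(mapping, row):
    """Compute each target attribute from a source row via allow-listed functions."""
    # Resolve every function first so a bad entry fails before anything runs.
    resolved = {t: resolve(spec["function"]) for t, spec in mapping.items()}
    return {
        target: resolved[target](*(row[name] for name in mapping[target]["args"]))
        for target in mapping
    }


# Constructed samples: the data structure a safely loaded YAML mapping yields.
GOOD_MAPPING = {"s_nom": {"function": "math.hypot", "args": ["p", "q"]}}
BAD_MAPPING = {"x": {"function": "os.system", "args": ["p"]}}
ROW = {"p": 3.0, "q": 4.0}

if __name__ == "__main__":
    print(apply_mapping(GOOD_MAPPING, ROW))
    try:
        apply_mapping(BAD_MAPPING, ROW)
    except DisallowedFunction as exc:
        print("rejected:", exc)
```

Safe loading only guarantees that the file produces data rather than objects; the allow-list is what decides which names in that data may ever be called.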