We take the security of clickhouse-arrow seriously. If you have discovered a security vulnerability, please follow these steps:

Please do not create a public GitHub issue for security vulnerabilities.

Send details to: [patterson.george@gmail.com]

Include:

• Type of vulnerability
• Affected components
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• We will acknowledge receipt within 48 hours
• We will provide a detailed response within 7 days
• We will work on a fix and coordinate disclosure

When using clickhouse-arrow:

• Always use strong passwords
• Use TLS connections in production
• Rotate credentials regularly
• Never commit credentials to version control

• Use TLS for connections over untrusted networks
• Restrict ClickHouse server access to trusted IPs
• Use firewall rules to limit exposure

• Validate all user input before queries
• Use parameterized queries to prevent SQL injection
• Be cautious with dynamic query construction

• Keep clickhouse-arrow updated
• Monitor security advisories for dependencies
• Run cargo audit regularly

• Always use TLS in production environments

• The library does not automatically escape user input
• Applications must validate and sanitize input

• Built with Rust's memory safety guarantees
• No known memory safety issues

We appreciate responsible disclosure and will acknowledge security researchers who help improve clickhouse-arrow.