Commit d419c66

Add note on unexpected exceptions to security policy
1 parent aeb99bd commit d419c66

1 file changed

Lines changed: 2 additions & 0 deletions

security/policy.rst

@@ -44,6 +44,8 @@ dead-locks, and resource exhaustion) must be
4444
triggerable with data inputs that are reasonably sized for the use case.
4545
Availability vulnerabilities must also demonstrate an "upward" change in posture
4646
for the attacker, rather than a "lateral" one.
47+
Unexpected Python exceptions are not vulnerabilities by themselves unless they
48+
satisfy the availability criteria above.
4749
This is to avoid handling performance improvements as security vulnerabilities.
4850

4951
Vulnerabilities in dependencies of Python (such as zlib, Tcl/Tk, or OpenSSL)
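
Review bot: the new sentence at added lines 47-48 is inserted between the "upward"/"lateral" sentence and "This is to avoid handling performance improvements as security vulnerabilities.", so "This" now reads as referring to the exception note instead of the availability criteria it originally explained. Consider placing the new sentence after the "This is to avoid ..." line, or giving it its own paragraph, so both sentences keep a clear referent. It would also help to say what "unexpected" covers here, for example an uncaught exception raised while processing input, so reporters can tell which crashes still need to meet the availability criteria.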
