hug takes security and quality seriously. This focus is why we depend only on thoroughly tested components and utilize static analysis tools (such as bandit and safety) to verify the security of our code base. If you find or encounter any potential security issues, please let us know right away so we can resolve them.
Currently, only the latest version of hug will receive security fixes.
Reporting a Vulnerability
To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.