If you think you've found a potential vulnerability in OpenTimelineIO, please report it by filing a GitHub security advisory. Alternatively, email [email protected] and provide your contact info for further private/secure discussion. If your email does not receive a prompt acknowledgement, your address may be blocked.
Our policy is to acknowledge the receipt of vulnerability reports within 48 hours. Our policy is to address critical security vulnerabilities rapidly and post patches within 14 days if possible.
These vulnerabilities are present in the given versions:
- No known vulnerabilities
See the release notes for more information.
This gives guidance about which branches are supported with patches to security vulnerabilities.
| Version / branch | Supported |
|---|---|
| main | ✅ 🚧 ALL fixes immediately, but this is a branch under development and may be unstable in other ways. |
| 0.18.x | ✅ All fixes that can be backported without breaking compatibility. |
| 0.17.x | ✅ All fixes that can be backported without breaking compatibility. |
| 0.16.x | |
| <= 0.15.x | ❌ No longer receiving patches of any kind. |
- Imath - Provides Vector, Matrix, and Bounding Box primitives.
- rapidjson - Used in serialization/deserialization of the
.otioJSON file format.
- pybind11 (only if built with Python bindings) - Used to create Python bindings for the C++ library.
- importlib_metadata - Provides backward compatability for Python 3.7.
Optionally, OTIOView requires: