Skip to content

Security: ThalesMMS/dicompressor

SECURITY.md

Security Policy

Please report security-sensitive findings through GitHub's private vulnerability reporting flow for this repository by opening a private security advisory instead of a public issue.

Medical imaging files can contain protected health information, including inside metadata or burned into pixels. Do not attach patient data, identifiable studies, logs with identifying metadata, or unreduced DICOM files to public issues or pull requests.

If a report requires a sample, use a de-identified file or describe the file characteristics, Transfer Syntax UID, and command needed to reproduce the issue. We aim to acknowledge private security reports within 7 days and will coordinate next steps in the advisory thread.

Public issues are appropriate for ordinary bugs, build failures, and usage questions that do not expose sensitive data or exploit details.

There aren't any published security advisories