Security: hexcreator/ab

Security Policy

Supported Versions

We release patches for security vulnerabilities. Which versions are eligible for receiving such patches depends on the CVSS v3.0 Rating:

Version Supported
0.1.x

Security Best Practices

When using ab in production:

  1. Database Security: Use strong credentials for PostgreSQL connections
  2. Network Security: Ensure database connections are encrypted (SSL/TLS)
  3. Access Control: Limit database access to necessary services only
  4. Environment Variables: Never commit secrets or API keys to version control
  5. Dependencies: Keep dependencies up to date (uv sync regularly)

Known Security Considerations

  • ab uses SQLite by default (file-based, local only)
  • PostgreSQL connections should use SSL in production
  • Image storage backends (S3) require proper IAM configuration
  • No built-in authentication - implement at application level
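A startup check for the database points in the two lists above (strong PostgreSQL credentials, SSL/TLS on the connection, secrets taken from the environment, SQLite as the local default), as an added example that is not part of ab's own code. The variable name `AB_DATABASE_URL`, the password deny-list and the length threshold are assumptions made for illustration; the `sslmode` values are the standard libpq ones.

```python
import os
from urllib.parse import urlsplit, parse_qs

# libpq sslmode values that always encrypt the connection.
ENCRYPTED_SSLMODES = {"require", "verify-ca", "verify-full"}
# Constructed deny-list of placeholder passwords; extend for your environment.
WEAK_PASSWORDS = {"", "postgres", "password", "admin", "changeme"}
MIN_PASSWORD_LENGTH = 16  # assumption: local policy, not an ab requirement


def check_database_url(url):
    """Return a list of findings for a database URL; empty list means pass."""
    parts = urlsplit(url)
    scheme = parts.scheme.split("+", 1)[0]  # "postgresql+psycopg" -> "postgresql"
    if scheme == "sqlite":
        return []  # file-based and local: no network credentials or TLS to check
    if scheme not in ("postgresql", "postgres"):
        return [f"unrecognised database scheme: {scheme!r}"]

    findings = []
    password = parts.password or ""
    if password.lower() in WEAK_PASSWORDS:
        findings.append("password is empty or a well-known default")
    elif len(password) < MIN_PASSWORD_LENGTH:
        findings.append(f"password shorter than {MIN_PASSWORD_LENGTH} characters")

    # libpq defaults to sslmode=prefer, which silently falls back to plaintext.
    sslmode = parse_qs(parts.query).get("sslmode", ["prefer"])[-1]
    if sslmode not in ENCRYPTED_SSLMODES:
        findings.append(f"sslmode={sslmode} allows an unencrypted connection")
    elif sslmode == "require":
        findings.append("sslmode=require encrypts but does not verify the server certificate")
    return findings


def preflight(environ=os.environ, var="AB_DATABASE_URL"):
    """Read the URL from the environment (hypothetical variable name) and check it."""
    url = environ.get(var)
    if url is None:
        return []  # assumed: with no URL configured, the SQLite default is used
    return check_database_url(url)


if __name__ == "__main__":
    for finding in preflight():
        print("database config:", finding)
```

Run it in the deployment's entrypoint or CI and fail the job when the list is non-empty; `sslmode=verify-full` with a pinned root certificate is the setting that both encrypts and authenticates the server.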

Security Updates

Security updates will be announced via:

  • GitHub Security Advisories
  • Release notes in CHANGELOG.txt
  • Version tags on releases

Thank you for helping keep ab and its users safe!
