By having 100% code coverage, testing edge cases and making sure we're compliant with RFCs, we're committed to providing a secure library. However, if you do find a vulnerability (even if you're not sure), please disclose it with us privately. You can do so by sending an email to jonas.svensson@intility.no. When sending an email, please try to be explicit by giving reproduce steps.

The latest versions of FastAPI-Azure-Auth are supported, which means you should always be on the latest release. You're strongly encouraged to write tests for your application, both for security reasons, but also to ensure that you can upgrade versions easily.