| Version | Supported |
|---|---|
| 0.x.x | ✅ |
To report a security vulnerability:
- Do NOT open a public issue
- Email security concerns to the maintainers via GitHub private vulnerability reporting
- Or open a private security advisory at: https://github.com/gogpu/wgpu/security/advisories/new
We will respond within 48 hours and work with you to understand and address the issue.
wgpu is a WebGPU implementation that interfaces with GPU hardware. Security considerations include:
- Memory safety: Pure Go implementation minimizes unsafe code
- Resource limits: Proper validation of buffer sizes and texture dimensions
- Shader validation: Input shaders should be validated before execution
- Platform integration: Backend-specific code follows platform security guidelines
We follow responsible disclosure practices:
- Reporter notifies us privately
- We acknowledge and investigate
- We develop and test a fix
- We release the fix and credit the reporter (if desired)
- We publish a security advisory