The active pre-1.0 branch is the only supported security target.
| Version | Supported |
|---|---|
main / pre-1.0 |
Yes |
| Older unreleased commits | No |
Do not open a public issue for a suspected vulnerability.
Use GitHub's private vulnerability reporting for
https://github.com/evokoa/pggraph once the repository is public. If that
channel is unavailable, contact the maintainers through the private contact
method listed on the repository profile.
Please include:
- affected PostgreSQL version and pgGraph commit;
- whether the issue requires superuser, graph-admin, ordinary SQL user, or untrusted input access;
- a minimal reproduction when possible;
- any observed SQLSTATE, server log, crash report, or memory-safety symptom.
pgGraph is a PostgreSQL extension. It relies on PostgreSQL authentication, authorization, RLS, extension installation controls, and filesystem protection for the data directory.
The detailed security model is documented in Administration and Security and Safety and Security.