implementation bugs that might allow attackers to leave malicious code running
and leak or tamper with applications from other users. Please report
vulnerabilities to the vendor of the affected hardware accelerator.

## Reporting vulnerabilities

### Vulnerabilities in TensorFlow

This document covers different use cases for TensorFlow together with comments

Instructions for reporting a vulnerability can be found on the
[Istio Security Vulnerabilities] page. The Istio Product Security Working Group receives
vulnerability and security issue reports, and the company affiliation of the members of
the group can be found at [Early Disclosure Membership].

## Security Bulletins

Information about previous Istio vulnerabilities can be found on the
[Security Bulletins] page.

      description: |-
        This is used to report product bugs:
        To report a security vulnerability, please visit <https://istio.io/about/security-vulnerabilities>.
        Any crashes are potentially security vulnerabilities and should be treated as such.
        To ask questions about how to use Istio, please visit <https://github.com/istio/istio/discussions>.
      options:

- **Security:**
Java serialization poses security risks, especially related to deserialization vulnerabilities.

- **Version Compatibility:**
With Java serialization, even minor changes to a class (like adding a field) can break compatibility.

- **Cross-Language Compatibility:**

blank_issues_enabled: false
contact_links:
  - name: Security Contact
    about: Please report security vulnerabilities to ******@****.***
  - name: Question or Problem
    about: Ask a question or ask about a problem in GitHub Discussions.
    url: https://github.com/tiangolo/fastapi/discussions/categories/questions
  - name: Feature Request

        # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
        language: ['java', 'javascript']
        # Learn more...
        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection

    steps:
    - name: Checkout repository
      uses: actions/checkout@v4

### Security vulnerabilities

Do not report security vulnerabilities to the public issue tracker. Follow our [Security Vulnerability Disclosure Policy](https://github.com/gradle/gradle/security/policy).

### Follow the Code of Conduct

*   Fixes vulnerabilities caused by incomplete validation in `SparseAdd`
    ([CVE-2021-29609](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29609))
*   Fixes vulnerabilities caused by incomplete validation in
    `SparseSparseMinimum`
    ([CVE-2021-29607](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29607))
*   Fixes vulnerabilities caused by incomplete validation in `SparseReshape`

open-source software development.

## Patching guidelines

Follow these steps to patch a specific version of TensorFlow, for example, to
apply fixes to bugs or security vulnerabilities:

*   Clone the TensorFlow repo and switch to the corresponding branch for your
    desired TensorFlow version, for example, branch `r2.8` for version 2.8.

   * delete the file and create a directory in its place, but this leads a race condition which can
   * be exploited to create security vulnerabilities, especially when executable files are to be
   * written into the directory.
   *
   * <p>This method assumes that the temporary volume is writable, has free inodes and free blocks,