Metadata-Version: 2.4
Name: filelock-lts
Version: 2025.68146.2
Summary: LTS Security release for filelock (CVE-2025-68146 Patch) - Meta-package
License: Unlicense
Project-URL: Homepage, https://github.com/1minds3t/filelock-lts
Project-URL: Security, https://github.com/1minds3t/filelock-lts/blob/main/SECURITY.md
Classifier: Topic :: Security
Classifier: Intended Audience :: Developers
Requires-Python: >=3.7
Description-Content-Type: text/markdown
Requires-Dist: filelock-lts-py37==2025.68146.2; python_version >= "3.7" and python_version < "3.8"
Requires-Dist: filelock-lts-py38==2025.68146.2; python_version >= "3.8" and python_version < "3.9"
Requires-Dist: filelock-lts-py39==2025.68146.2; python_version >= "3.9" and python_version < "3.10"
Requires-Dist: filelock-lts-py310==2025.68146.1; python_version >= "3.10" and python_version < "3.11"
Requires-Dist: filelock-lts-py311==2025.68146.1; python_version >= "3.11" and python_version < "3.12"
Requires-Dist: filelock-lts-py312==2025.68146.1; python_version >= "3.12" and python_version < "3.13"
Requires-Dist: filelock-lts-py313==2025.68146.1; python_version >= "3.13" and python_version < "3.14"
Requires-Dist: filelock-lts-py314==2025.68146.1; python_version >= "3.14" and python_version < "3.15"

# Filelock LTS: The CVE-Aware Ecosystem 🛡️


> **⚠️ Disclaimer:** This project is **not affiliated with, endorsed by, or associated with** the official `filelock` maintainers. All patches and releases are independently maintained and provided on a best-effort basis to support legacy environments.


![alt text](https://img.shields.io/badge/Security-Patched-success) ![alt text](https://img.shields.io/badge/CVE-2025--68146-Fixed-blue)

A unified security ecosystem ensuring filelock safety across ALL Python versions (3.7 - 3.14).

## 🚨 The Vulnerability: CVE-2025-68146
A critical Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to truncate or corrupt sensitive files via symlink or junction attacks.

## 🛡️ The Solution
This repository acts as a smart dispatcher. Installing `filelock-lts` automatically delivers the correct security strategy for your Python runtime:

| Python Version | Strategy | Base Version | Status |
|:---|:---|:---|:---|
| 3.7 | Custom Backport | 3.12.2 | 🛡️ SECURED (Unix + Win32) |
| 3.8 | Custom Backport | 3.16.1 | 🛡️ SECURED (Unix + Win32) |
| 3.9 | Custom Backport | 3.19.1 | 🛡️ SECURED (Unix + Win32) |
| 3.10+ | Upstream Proxy | Official >= 3.20.1 | ✅ REDIRECTED |

## 📦 Installation
**Standard Installation (Recommended):**

```bash
pip install filelock-lts
```

This automatically selects the correct package for your environment.

**Specific Version Targeting:**

```bash
pip install filelock-lts-py38  # For Python 3.8 specifically
```


## 🔮 The Future: Proactive Dependency Security
The Filelock LTS ecosystem is evolving to provide earlier visibility and stronger controls around dependency risk:

1.  **Early Warning Releases**: Placeholder LTS releases may be published when a potential upstream security issue is under investigation, allowing users to prepare before official advisories are issued.
2.  **Runtime Policy Enforcement (Optional)**: An opt-in runtime module that detects vulnerable dependency versions at runtime and enforces user-configured policies (warn, block, or isolate).
3.  **Configurable Security Policies**: Teams can choose how unpatched dependencies are handled based on their risk tolerance and operational needs.


## 🏗️ Architecture
- **main**: The metadata dispatcher (this branch).
- **py3.X**: Isolated branches containing specific source code or dependency definitions for that Python version.

## 🤝 License
Unlicense (Public Domain). Security belongs to everyone.
