This software is NOT certified for clinical use. It must not be used for diagnostic or therapeutic purposes without independent validation and regulatory clearance. See the project README for the full disclaimer.
| Version | Supported |
|---|---|
| 0.5.x | ✅ Current release |
| 0.2.x | ❌ End of life |
| 0.1.x | ❌ End of life |

If you discover a security vulnerability, please report it responsibly:

- Do NOT open a public GitHub issue for security vulnerabilities
- Email: [TO BE CONFIGURED — use GitHub Security Advisories]
- Or: Use GitHub's private vulnerability reporting feature on this repository

Please include in your report:

- Description of the vulnerability
- Steps to reproduce
- Potential impact (data leakage, denial of service, remote code execution, etc.)
- Suggested fix (if you have one)

Response timeline:

- Acknowledgment: Within 48 hours
- Assessment: Within 7 days
- Fix/Disclosure: Coordinated with reporter, typically within 30 days

DICOM network protocols (DIMSE over TCP) were designed for trusted hospital networks. When exposing DICOM services to untrusted networks:
- Always use TLS — this toolkit supports TLS via rustls
- Restrict AE titles — configure allowed calling/called AE titles
- Validate input — malformed DICOM data could cause unexpected behavior
- Limit resources — configure max PDU size and connection limits
- Network isolation — place DICOM services behind a firewall/VPN
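
The AE title, input validation and resource limit items above can be enforced together on the fixed header of an incoming A-ASSOCIATE-RQ PDU, before any variable items are parsed. The following is an added example, not this toolkit's own code: `Policy`, `Reject`, `admit`, `sample_rq` and the limit and AE title values are hypothetical, and the cap is applied to the PDU's declared length field.

```rust
// Added example; names and limits are hypothetical, not this toolkit's API.
#[derive(Debug, PartialEq)]
pub enum Reject { Truncated, NotAssociateRq, TooLarge, LengthMismatch, BadAeTitle, AeNotAllowed }

pub struct Policy<'a> {
    pub max_pdu_len: u32,       // cap on the declared PDU length
    pub called: &'a [&'a str],  // AE titles this service answers to
    pub calling: &'a [&'a str], // peers allowed to connect
}

// AE title fields are 16 bytes, space padded; accept printable ASCII only.
fn ae_title(field: &[u8]) -> Result<&str, Reject> {
    if !field.iter().all(|b| (0x20..0x7f).contains(b) && *b != b'\\') {
        return Err(Reject::BadAeTitle);
    }
    let t = std::str::from_utf8(field).map_err(|_| Reject::BadAeTitle)?.trim_matches(' ');
    if t.is_empty() { Err(Reject::BadAeTitle) } else { Ok(t) }
}

pub fn admit(pdu: &[u8], p: &Policy) -> Result<(), Reject> {
    if pdu.len() < 6 { return Err(Reject::Truncated); }
    if pdu[0] != 0x01 { return Err(Reject::NotAssociateRq); }
    // Bytes 2..6: big-endian length of everything after the 6-byte header.
    let declared = u32::from_be_bytes([pdu[2], pdu[3], pdu[4], pdu[5]]);
    if declared > p.max_pdu_len { return Err(Reject::TooLarge); }
    if declared as usize != pdu.len() - 6 { return Err(Reject::LengthMismatch); }
    // Fixed fields end at byte 74 (version, reserved, two AE titles, reserved).
    if pdu.len() < 74 { return Err(Reject::Truncated); }
    let called = ae_title(&pdu[10..26])?;
    let calling = ae_title(&pdu[26..42])?;
    let ok = p.called.iter().any(|a| *a == called) && p.calling.iter().any(|a| *a == calling);
    if ok { Ok(()) } else { Err(Reject::AeNotAllowed) }
}

// Constructed sample: a minimal 74-byte request with no variable items.
pub fn sample_rq(called: &str, calling: &str) -> Vec<u8> {
    let mut pdu = vec![0x01, 0x00, 0, 0, 0, 68, 0x00, 0x01, 0x00, 0x00];
    for title in [called, calling] {
        pdu.extend(format!("{:<16}", title).bytes().take(16));
    }
    pdu.resize(74, 0);
    pdu
}

fn main() {
    let p = Policy { max_pdu_len: 16_384, called: &["PACS"], calling: &["MODALITY1"] };
    println!("{:?}", admit(&sample_rq("PACS", "MODALITY1"), &p));
    println!("{:?}", admit(&sample_rq("PACS", "UNKNOWN"), &p));
}
```

In a real listener the length check belongs right after the first 6 bytes are read, so an oversized declared length is rejected before any buffer is allocated for the body.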

This project uses `cargo deny` to check for known vulnerabilities in dependencies. Security advisories are monitored via the RustSec Advisory Database.