| Version | Supported |
|---|---|
| latest | Yes |
| < 1.0 | No |

Please do not open a public GitHub issue for security vulnerabilities. Public issues tip off attackers before fixes ship.

Use ONE of these private channels:

Go to https://github.com/leapnux/5nux/security/advisories/new and submit your report. GitHub routes it privately to maintainers; you can collaborate on the fix in a private fork before public disclosure.

This is the modern standard for OSS vulnerability reporting. It gives you:
- Private collaboration channel with maintainers
- Built-in CVE assignment workflow
- Coordinated disclosure timeline
- Public credit on the resulting GHSA advisory (with your consent)

Send a report to [email protected] with the subject line "[branchnux] Security Vulnerability".

Please include:

- A description of the vulnerability and its potential impact
- Steps to reproduce or a proof-of-concept (PoC)
- Your suggested severity (Critical / High / Medium / Low)
- Whether you want public credit (default: yes, with your handle)

What to expect:

- We will acknowledge receipt within 2 business days.
- We aim to confirm the vulnerability and issue a fix within 90 days.
- We will coordinate a public disclosure date with the reporter.
- Credit will be given in the CHANGELOG and release notes unless you prefer to remain anonymous.

Thank you for helping keep branchnux and its users safe.