Skip to content

Security: johnsutor/so101-nexus

SECURITY.md

Security Policy

Supported versions

SO101-Nexus is pre-1.0 and under active development. Security fixes are applied to the latest released minor version, currently the 0.4.x series. Please upgrade to the most recent release before reporting an issue.

Version Supported
0.4.x Yes
< 0.4 No

Reporting a vulnerability

Please do not report security vulnerabilities through public GitHub issues.

Instead, use GitHub's private vulnerability reporting: open the repository's Security tab and choose Report a vulnerability. This opens a private advisory visible only to the maintainers.

Include as much detail as you can:

  • A description of the vulnerability and its impact.
  • Steps to reproduce, or a proof of concept.
  • Affected versions and environment (operating system, Python version, backend).

What to expect

  • Acknowledgement of your report, typically within a few days.
  • An assessment of the report and, if confirmed, a fix targeting the supported release series.
  • Coordinated disclosure: we will agree on a timeline before any public detail is shared, and credit you in the advisory unless you prefer to remain anonymous.

There aren't any published security advisories