Please follow the GitHub Issues page for progress on all security related issues.

libnostr-c is in pre-release and is not yet considered completely stable, security fixes will be issued as soon as possible and rolled into the next release.

Vulnerabilities should be reported by email to [email protected]

Security reports are greatly appreciated and will be handled with the highest priority, as libnostr-c is cryptography infrastructure software. You should hear back within 48 hours but this can vary because we're a small team who also has other responsibilities.

Please contact us as soon as possible if you believe you have found a security vulnerability in libnostr-c, preferably before disclosing the issue publicly. We will keep you informed about the progress of the fix and disclosure.

We will attempt to update the changelog with security fixes as they are completed and close issues as they are resolved. If you have any questions or concerns about the security of libnostr-c, please contact us at the email address above.