Thank you for helping improve the security of Nemantix.
If you discover a security vulnerability, please do not open a public GitHub issue.
Instead, report it privately by contacting the maintainers at:
Please include, if possible:
- a clear description of the vulnerability;
- steps to reproduce the issue;
- the affected version, branch, or commit;
- any relevant logs, screenshots, proof of concept, or technical details;
- your contact information, in case we need clarification.
We will acknowledge receipt of the report as soon as reasonably possible and will work to assess, reproduce, and address the issue.
We ask reporters to follow responsible disclosure practices:
- do not publicly disclose the vulnerability before maintainers have had a reasonable opportunity to investigate and fix it;
- do not exploit the vulnerability beyond what is necessary to demonstrate its existence;
- do not access, modify, delete, or exfiltrate data that does not belong to you;
- do not perform disruptive testing against production systems or third-party services.
Nemantix is currently under active development.
Security fixes are generally provided for the latest public release and for the main development branch, when applicable.
| Version / Branch | Supported |
|---|---|
| Latest release | Yes |
main branch |
Yes |
| Older releases | No, unless explicitly stated |
When a vulnerability is confirmed, maintainers may:
- prepare and publish a fix;
- release a patched version;
- publish a security advisory, when appropriate;
- document mitigation steps if an immediate fix is not available.
This policy applies to the Nemantix codebase and official project files maintained in this repository.
For vulnerabilities in third-party dependencies, please also refer to the respective upstream projects.