Only the latest version of this repository is officially supported and maintained. Please make sure you are using the main branch before reporting a vulnerability.

If you discover a security vulnerability, please follow these steps:

1. Do not open a public issue.
   This is to protect users from potential exploitation of the vulnerability while it is being addressed.

2. Contact Information:
   Please email me directly at tungvt1912@gmail.com with a detailed description of the issue.

3. Provide the following information in your report:

   • A clear and concise description of the vulnerability.
   • Steps to reproduce the vulnerability.
   • The impact of the vulnerability (what an attacker could achieve).
   • Any known workarounds or mitigations.
   • Your environment details (OS, Nix version, etc.).

4. Response Time:
   I will acknowledge receipt of your report as soon as possible, typically within 3 business days. I will keep you updated on the status until the issue is resolved.

5. Disclosure Policy:
   After a fix has been made and deployed, I will work with you to determine an appropriate time for public disclosure, if applicable.

To help keep your system secure, please consider the following:

• Always use the latest version of the repository.
• Regularly update your system and dependencies.
• Review and follow NixOS security recommendations.

Thank you for helping to improve the security of this project!