| Version | Supported |
|---|---|
| 0.2.x | ✅ |
| < 0.2 | ❌ |

Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them via:
- Email: devitway@gmail.com
- Telegram: @DevITWay (private message)

Please include the following in your report:
- Type of vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

Response timeline:
- Initial response: within 48 hours
- Status update: within 7 days
- Fix timeline: depends on severity

| Severity | Description | Response |
|---|---|---|
| Critical | Remote code execution, auth bypass | Immediate fix |
| High | Data exposure, privilege escalation | Fix within 7 days |
| Medium | Limited impact vulnerabilities | Fix in next release |
| Low | Minor issues | Scheduled fix |

When deploying NORA:
- Enable authentication - Set `NORA_AUTH_ENABLED=true`
- Use HTTPS - Put NORA behind a reverse proxy with TLS
- Limit network access - Use firewall rules
- Regular updates - Keep NORA updated to the latest version
- Secure credentials - Use strong passwords, rotate tokens

We appreciate responsible disclosure and will acknowledge security researchers who report valid vulnerabilities.