| Version | Supported |
|---|---|
| 1.1.x | ✅ |
| < 1.1 | ❌ |
To report a security vulnerability, please do NOT open a public issue. Instead:
- Go to Security Advisories
- Click "New draft security advisory"
- Provide a detailed description of the vulnerability
We will respond to security vulnerability reports within 48 hours and will work with you to understand and address the issue. You can expect:
- A confirmation of receipt within 48 hours
- Regular updates on the progress
- Credit in the security advisory (unless you prefer to remain anonymous)
- Always use the latest version of NSM
- Pin your Nix package versions in production environments
- Review the Nix expressions before running them
- Keep your Nix installation up to date