We release security updates for actively maintained versions of NitroStack.
| Version | Supported |
|---|---|
| latest | ✅ |
| older | ❌ |
If you are using an older version, please upgrade to the latest release before reporting a vulnerability.
Please do not report security vulnerabilities through public GitHub issues or discussions.
Instead, report vulnerabilities privately to:
- Email: oss@nitrostack.ai
- Subject line:
Security vulnerability report: <short title>
To help us triage quickly, include:
- A clear description of the issue and potential impact
- Affected package(s) and version(s)
- Steps to reproduce or proof-of-concept
- Any suggested mitigations or fixes
After receiving your report, we will:
- Acknowledge receipt within 3 business days
- Investigate and validate the issue
- Share status updates as we progress
- Coordinate a fix and responsible disclosure timeline
If the report is accepted, we will publish a security advisory and release a patch as quickly as possible.
Please give us a reasonable amount of time to investigate and remediate before public disclosure. We appreciate and value coordinated disclosure.
Thank you for helping keep NitroStack and its users safe.