We are committed to providing security updates for the following versions of Nexa. We recommend that all users stay on the latest stable release.

| Version | Supported |
|---|---|
| 1.3.x | ✅ |
| 1.0.x | ✅ |
| < 1.0 | ❌ |

Please do not report security vulnerabilities through public GitHub issues.
If you discover a potential security vulnerability in Nexa, please help us protect our users by reporting it privately.
Please send an email to [INSERT_SECURITY_EMAIL].
- Acknowledgment: You will receive an acknowledgment of your report within 48 hours.
- Investigation: Our team will investigate the issue and may contact you for further details or reproduction steps.
- Resolution: Once a vulnerability is confirmed, we will work on a fix. We will keep you updated on the progress.
- Public Disclosure: After the fix is released, we will coordinate a public disclosure (typically via a Security Advisory or Release Note) and, if you wish, credit you for the discovery.

Please include the following in your report:

- A brief description of the vulnerability.
- Steps to reproduce the issue (proof-of-concept code is highly appreciated).
- Potential impact (e.g., can it lead to remote code execution? data leakage?).
- Any suggestions for remediation.

Thank you for helping us keep the Nexa community safe!