The NovaKey-Runner project takes security seriously. We appreciate the efforts of security researchers and users who help keep this project safe and trustworthy.
If you discover a security vulnerability, please do not open a public GitHub issue.
Instead, report it responsibly using one of the following methods:
- GitHub Security Advisories (preferred):
Go to the repository β Security tab β Report a vulnerability - Email: security@novakey.dev
(Replace this with the correct address if different.)
Please include:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Any relevant logs, screenshots, or proof-of-concept code
We aim to:
- Acknowledge reports within 72 hours
- Provide an initial assessment within 7 days
- Release a fix as soon as reasonably possible, depending on severity
Only the latest release of NovaKey-Runner is actively supported with security updates.
| Version | Supported |
|---|---|
| Latest | β Yes |
| Older | β No |
We kindly request that you:
- Give us reasonable time to investigate and fix the issue
- Avoid public disclosure until a fix or mitigation is available
Weβre happy to credit reporters for valid disclosures, unless anonymity is preferred.
The following are generally considered out of scope:
- Denial-of-service attacks
- Vulnerabilities requiring physical access
- Issues in third-party dependencies without a demonstrated exploit in this project
Thank you for helping make NovaKey-Runner more secure. Responsible disclosure helps everyone.
β The NovaKey Team