Security reports are welcome for issues affecting any maintained part of this repository, including:
- Nex
- nex_base
- nex_env
- installer
- example and showcase applications when the issue represents a framework-level risk
Please do not disclose vulnerabilities publicly in GitHub issues, pull requests, social posts, or discussions.
Instead, report them privately to the maintainer with:
- a clear description of the issue
- affected package or directory
- impact assessment
- reproduction steps or proof of concept
- any suggested mitigation, if available
If you do not yet have a private security contact channel, treat this repository as embargoed and avoid public disclosure until a dedicated reporting channel is published.
When a valid report is received, the maintainer will aim to:
- confirm receipt
- assess severity and affected scope
- prepare a fix or mitigation
- coordinate disclosure timing
Please avoid:
- publishing exploit details before a fix is available
- opening public issues for unpatched vulnerabilities
- posting secrets, tokens, or private infrastructure details
Responsible disclosure helps protect users and contributors.