| Version | Supported |
|---|---|
| 0.2.x | ✅ |
| < 0.2 | ❌ |

Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them via:
- Email: devitway@gmail.com
- Telegram: @DevITWay (private message)

Please include the following in your report:
- Type of vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

Response timeline:
- Initial response: within 48 hours
- Status update: within 7 days
- Fix timeline: depends on severity

| Severity | Description | Response |
|---|---|---|
| Critical | Remote code execution, auth bypass | Immediate fix |
| High | Data exposure, privilege escalation | Fix within 7 days |
| Medium | Limited impact vulnerabilities | Fix in next release |
| Low | Minor issues | Scheduled fix |

When deploying NORA:
- Enable authentication - Set `NORA_AUTH_ENABLED=true`
- Use HTTPS - Put NORA behind a reverse proxy with TLS
- Limit network access - Use firewall rules
- Regular updates - Keep NORA updated to the latest version
- Secure credentials - Use strong passwords, rotate tokens

We appreciate responsible disclosure and will acknowledge security researchers who report valid vulnerabilities in our release notes and CHANGELOG, unless the reporter requests anonymity.

If you have previously reported a vulnerability and would like to be credited, please let us know.