If you discover a security vulnerability in any Nootski project, please do not open a public issue.
Instead, report it privately via one of the following channels:
- Use GitHub's private vulnerability reporting on the affected repository (Security tab → Report a vulnerability).
- Or email: allard [at] nootski.com
Please include:
- A description of the vulnerability
- Steps to reproduce
- Affected version(s) / commit
- Any suggested remediation
You will receive an acknowledgement within 3 business days. We aim to provide a resolution timeline within 10 business days of the initial report.
Only the latest version on the main branch is actively maintained and supported with security updates.
This policy applies to all repositories in the Nootski GitHub account.
The following are out of scope:
- Social engineering
- Physical attacks
- Denial-of-service via brute force
- Issues in third-party dependencies (please report these upstream)
Thank you for helping keep our projects and users safe.