If you discover a security vulnerability in any Netresearch repository, please report it responsibly.
Do NOT open a public issue.
Instead, use GitHub's private vulnerability reporting:
- Go to the affected repository's Security tab
- Click "Report a vulnerability"
- Fill in the description, steps to reproduce, and impact
We will acknowledge your report within 2 business days and aim to provide a fix or mitigation within 10 business days, depending on severity.
We actively maintain the latest release of each repository. Security patches are applied to:
- The current major version
- The previous major version (for 6 months after a new major release)
Older versions receive patches only for critical vulnerabilities at our discretion.
- We follow coordinated disclosure — please give us reasonable time to fix before publishing
- We credit reporters in release notes (unless you prefer anonymity)
- We use GitHub Security Advisories for tracking and publishing fixes