We currently support the following versions with security updates:
| Version | Supported |
|---|---|
| 0.1.x | β |
| < 0.1 | β |
If you discover a security vulnerability in NexusEvent, please report it responsibly:
Please DO NOT create a public GitHub issue for security vulnerabilities.
Instead, please email us privately at: security@nexusevent.dev
When reporting a vulnerability, please include:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Suggested fix (if you have one)
- Your contact information for follow-up
- We will acknowledge receipt of your vulnerability report within 48 hours
- We will provide a detailed response within 7 days
- We will work with you to understand and resolve the issue promptly
We appreciate responsible disclosure and will:
- Credit you in our security advisory (if you wish)
- Keep you informed throughout the resolution process
- Notify you when the fix is released
When using NexusEvent:
- Never commit webhook URLs to version control
- Use environment variables for sensitive configuration
- Validate webhook URLs before use
- Use HTTPS-only webhook endpoints
- Always validate user input before creating messages
- Be cautious with user-generated content in message fields
- Sanitize URLs and content appropriately
- Keep your NexusEvent SDK updated to the latest version
- Monitor our security advisories
- Subscribe to release notifications
This security policy applies to:
- NexusEvent Flutter SDK
- NexusEvent JavaScript SDK
- Official examples and documentation
- CI/CD configurations
- Third-party integrations using our SDK
- Issues in dependencies (please report to upstream projects)
- General support questions (use GitHub Issues instead)
Thank you for helping keep NexusEvent secure! π‘οΈ