Security: jremes-foss/NexusFlag

SECURITY.md

Security Policy

Reporting a Vulnerability

We take the security of NexusFlag seriously. If you believe you have found a security vulnerability, please help us fix it by reporting it responsibly.

Please do not report security vulnerabilities through public GitHub issues.

Instead, please report them via one of the following methods:

  • GitHub Private Reporting: If enabled for this repository, use the "Report a vulnerability" button under the Security tab.

What to include in a report:

  • A detailed description of the vulnerability.
  • Steps to reproduce the issue (PoC scripts, screenshots, or requests are highly appreciated).
  • The potential impact if exploited.

Our Commitment

If you report a vulnerability, we commit to:

  • Acknowledging receipt of your report within 48 hours.
  • Providing an estimated timeline for a fix.
  • Notifying you once the vulnerability is patched.
  • Giving credit to the researcher (if desired) in our changelog/release notes.

Preferred Communication Language

We prefer communication in English.

Scope

This policy applies to the core NexusFlag repository and official extensions maintained by @jremes-foss. It does not apply to third-party integrations or user-generated content.

There aren’t any published security advisories