Security fixes are provided for the latest main branch and the newest tagged release line.
Do not open public issues for security reports.
Use one of the following channels:
- GitHub Security Advisory (preferred): open a private report in this repository.
- Email: security@nimi.xyz
Include:
- affected component (`runtime`, `sdk`, `desktop`, `proto`, `nimi-mods`, `web`)
- reproduction steps or proof of concept
- impact assessment
- suggested mitigation if available

- Initial acknowledgement: within 72 hours
- Triage result: within 7 calendar days
- Fix timeline: depends on severity and exploitability
After mitigation is available, we coordinate responsible disclosure and publish a security note in release notes/changelog.