| Version | Supported |
|---|---|
| 2.1.x | ✅ |
| < 2.0 | ❌ |
We take security seriously. If you discover a security vulnerability in NurOS Hello, please report it responsibly.
Do not open a public issue for security vulnerabilities.
Instead, please:
- Email: Contact the maintainers directly at anmitali198@gmail.com
- Telegram: Send a private message to the project maintainers
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 7 days
- Resolution: Depends on severity, typically within 30 days
- We will acknowledge your report
- We will investigate and validate the issue
- We will develop and test a fix
- We will release a security update
- We will publicly disclose the issue after the fix is released
We appreciate security researchers who help keep NurOS Hello safe. With your permission, we will acknowledge your contribution in our release notes.
NurOS Hello follows these security practices:
- No network requests without user action
- No collection of personal data
- Minimal permissions required
- Regular dependency updates
- Code review for all contributions
This security policy applies to:
- NurOS Hello application
- Official NurOS Hello packages
- This repository (https://github.com/NurOS-Linux/hello)
Third-party forks and modifications are not covered by this policy.