taiars/nora
1
0
Fork 0
mirror of https://github.com/getnora-io/nora.git synced 2026-04-12 06:50:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f27b59b5a8967c16d7497cf9130578e940efa83f
nora/SECURITY.md

1.5 KiB
Raw Blame History

Security Policy

Supported Versions

Version Supported
0.2.x
< 0.2

Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues.

Instead, please report them via:

  1. Email: devitway@gmail.com
  2. Telegram: @DevITWay (private message)

What to Include

  • Type of vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)

Response Timeline

  • Initial response: within 48 hours
  • Status update: within 7 days
  • Fix timeline: depends on severity

Severity Levels

Severity Description Response
Critical Remote code execution, auth bypass Immediate fix
High Data exposure, privilege escalation Fix within 7 days
Medium Limited impact vulnerabilities Fix in next release
Low Minor issues Scheduled fix

Security Best Practices

When deploying NORA:

  1. Enable authentication - Set NORA_AUTH_ENABLED=true
  2. Use HTTPS - Put NORA behind a reverse proxy with TLS
  3. Limit network access - Use firewall rules
  4. Regular updates - Keep NORA updated to latest version
  5. Secure credentials - Use strong passwords, rotate tokens

Acknowledgments

We appreciate responsible disclosure and will acknowledge security researchers who report valid vulnerabilities.

Reference in New Issue View Git Blame Copy Permalink