If you discover a security vulnerability, please report it responsibly.
Contact: j.d.a.jewell@open.ac.uk
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Assessment: Within 7 days
- Fix/Mitigation: As soon as possible, depending on severity
Only the latest version is supported with security updates.
This policy covers the nexia-list repository and its published artifacts:
- Rust crates (
nexia-core,nexia-desktop) - ReScript UI package
- Tauri application binaries
We follow coordinated disclosure. Please do not publicly disclose vulnerabilities until a fix has been released or 90 days have passed since the initial report.