Thank you for helping keep NodCord secure! Please follow these steps when you discover a vulnerability or sensitive data:
- Report the finding confidentially via email to security@nodcord.dev or directly to tim.hauke@hauknetz.de.
- Describe the issue as precisely as possible (affected endpoints, expected behavior, actual behavior, steps to reproduce).
- Share logs or screenshots only over encrypted channels if necessary. Please do not publish proof-of-concepts before we have responded.
- Allow us at least 14 days to respond and prepare fixes for Prisma models, MySQL migrations, or API code.
We prioritize security reports that affect data integrity or authentication. After remediation we are happy to inform you about the actions taken and credit you in the release notes if you wish.
Thank you for your support!