At NeosPlus, we take security seriously. We value the contributions of security researchers and the community in helping us maintain a secure environment for our users. If you believe you have discovered a security vulnerability in our project, we kindly request that you report it to us in a responsible manner. Your cooperation helps us address and resolve security issues promptly.

Please do not create public issues for security vulnerabilities.

To report a security vulnerability, follow these steps:

1. Contact a maintainer on Discord: Additionally, you can reach out to one of our main maintainers privately on our Discord server. Please send a direct message to one of the following maintainers:

   • @xlinka

2. Provide necessary details: When reporting the vulnerability, please include the following information:

   • A detailed description of the vulnerability, including how it can be exploited.
   • Steps to reproduce the vulnerability, if applicable.
   • Any proof-of-concept code or evidence you can provide.
   • Your contact information so we can communicate with you regarding the issue.

3. Response: Once we receive your report, we will acknowledge it as soon as possible, typically within 2 business days. Our team will assess the report, investigate the issue, and determine the impact and severity.

4. Resolution: We will work diligently to address and resolve the issue in a timely manner. This may involve developing and releasing a security patch or update.

5. Public Disclosure: After the vulnerability has been patched and users have had an opportunity to update, we may publish a security advisory to inform the community about the issue.