| Version | Supported |
|---|---|
| 3.1.x (latest) | ✅ |
| < 3.1 | ❌ |

We take security seriously. If you discover a vulnerability in SNIN Relay V2:

- Do NOT open a public GitHub issue.
- Send details to konant.git@gmail.com with subject [SECURITY] SNIN Relay.
- Include: description, steps to reproduce, impact, suggested fix (if any).

You will receive a response within 48 hours. We will coordinate a fix and disclosure timeline.

In scope:

- Relay event validation and storage
- NIP-42 authentication
- IPFS PubSub integration
- Rate limiting and DoS protection
- Blossom file upload handling

Out of scope:

- Nostr protocol vulnerabilities (report to nostr-protocol/nips)
- Third-party dependencies (report to respective maintainers)

We ask researchers to allow 90 days between initial report and public disclosure for critical vulnerabilities.