If you believe you have discovered a security vulnerability in NoxTLS, please report it privately.
Do NOT open a public GitHub issue.
Send reports to:
Please include:
- Description of the issue
- Affected versions
- Reproduction steps or proof of concept (if available)
- Impact assessment (if known)
We will acknowledge receipt within 2 business days.
Argenox follows a coordinated disclosure process:
- Acknowledge report
- Validate vulnerability
- Develop fix
- Notify affected commercial customers
- Publish advisory after patch availability
We request that researchers allow reasonable time for remediation before public disclosure.
| Version | Supported |
|---|---|
| 1.x LTS | Yes |
| 0.x | No |
Security fixes are provided:
- To commercial customers immediately
- To GPL community releases after coordinated disclosure
All cryptographic operations are designed for embedded constrained environments. Configuration must be reviewed carefully for production deployments.