The NovaEco team and community take security issues seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

Please do not report security vulnerabilities through public GitHub issues.

Instead, please report them directly to our security team at security@novaeco.tech.

Please include the following details in your report:

• A description of the vulnerability and its potential impact.
• Steps to reproduce the issue.
• Any proof-of-concept code.

We will do our best to respond to your report within 48 hours and provide a timeline for a fix. We kindly ask you not to disclose the vulnerability publicly until we have had a chance to address it.