We take the security of Node-i3x very seriously. If you believe you have found a security vulnerability, please do NOT file a public GitHub issue, and do NOT post details publicly.
Please report all security vulnerabilities using GitHub's Private Vulnerability Reporting mechanism. This ensures that the vulnerability is kept confidential until a patch is released and our members have been pre-notified and protected.
- Go to the node-opcua/node-i3x repository on GitHub.
- Click on the Security tab under the repository name.
- In the left-hand sidebar, click on Advisories.
- Click on the Report a vulnerability button.
- Fill out the form with details, steps to reproduce, and any proof-of-concept code.
- Click Submit report.
Our security team will review your report immediately and coordinate a private fix and a security advisory release.
If you are unable to use GitHub's private advisory form for any reason, please email us directly and securely at security@sterfive.com.
Subscribers to the Node-OPCUA Membership Program receive advanced access to security vulnerability disclosures (CVEs) and pre-remediation patches before public announcement.