We release patches for security vulnerabilities. Currently supported versions:
| Version | Supported |
|---|---|
| 5.0.x | ✅ |
| < 5.0 | ❌ |

We take the security of NEXAI OMNI-PRIME seriously. If you believe you have found a security vulnerability, please report it to us as described below.
Please do not:
- Open a public GitHub issue for security vulnerabilities
- Disclose the vulnerability publicly before it has been addressed

Please do:
- Email us directly at: gokhanturkmeen@gmail.com
- Provide detailed information including:
  - Description of the vulnerability
  - Steps to reproduce the issue
  - Potential impact
  - Suggested fix (if any)
- Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours
- Communication: We will keep you informed about the progress of fixing the vulnerability
- Credit: We will credit you in the security advisory (unless you prefer to remain anonymous)
- Timeline: We aim to address critical vulnerabilities within 7 days
- Keep dependencies updated: Regularly update to the latest version
- Secure API keys: Never commit API keys or secrets to version control
- Use environment variables: Store sensitive data in environment variables
- Review permissions: Only grant necessary permissions to the application
- Code review: All code changes undergo security review
- Dependency scanning: We use automated tools to scan for vulnerable dependencies
- Input validation: Always validate and sanitize user input
- Authentication: Follow OAuth 2.0 best practices
- Data encryption: Sensitive data must be encrypted at rest and in transit
This project requires API keys for:
- Ollama/Gemini AI services
- Cloudflare Workers deployment
Important: Never commit API keys to the repository. Use environment variables or secrets management.
- Personality data: Stored locally by default
- Privacy: Users control their data
- Anonymization: Personal information is anonymized in analytics
- GDPR compliance: Users can request data deletion
We integrate with:
- Ollama: Local AI inference
- Google Gemini: Cloud AI services
- Cloudflare: Hosting and CDN
Please review their security policies:
Security updates will be released as patch versions and announced via:
- GitHub Security Advisories
- Release notes
- Project README
Subscribe to repository notifications to stay informed.
We follow responsible disclosure principles:
- Report received: Vulnerability reported privately
- Validation: We validate and assess the severity
- Fix development: We develop and test a fix
- Release: Security patch released
- Disclosure: Public disclosure after fix is available
- Credit: Reporter credited (if desired)
We appreciate security researchers who help keep NEXAI OMNI-PRIME secure. Contributors who report valid security issues will be listed here (with permission):
No security issues reported yet
For security concerns, contact:
- Email: gokhanturkmeen@gmail.com
- GitHub: @turkmen-coder
Thank you for helping keep NEXAI OMNI-PRIME and our users safe! 🔒