Vulnerability Management Policy
Purpose
How Rexplore finds, triages and fixes security vulnerabilities in Nakama.
Identification
We monitor security advisories for our platform dependencies (Chrome extension APIs, Node.js, hosting platform) and review code changes for security impact. The extension's minimal-dependency design keeps the surface small.
Reporting channel
Anyone can report a suspected vulnerability to help@rexplore.xyz. We acknowledge reports within 3 business days.
Triage and severity
Reports are triaged by impact and exploitability into critical, high, medium and low.
Remediation targets
Critical: fix or mitigation within 72 hours. High: within 7 days. Medium: within 30 days. Low: next regular release. Chrome's extension auto-update delivers fixes to users without action on their part.
Coordinated disclosure
We ask reporters to allow up to 90 days for a fix before public disclosure, and we credit reporters who wish to be named.