Nubank supports the latest version of each of our open-source projects. Once a new version is released, we stop providing patches for security issues in older versions.
Your efforts to responsibly disclose your findings are sincerely appreciated and will be taken into account to acknowledge your contributions. If you discover a vulnerability, please do the following:
- E-mail your findings to security@nubank.com.br. If the issue is sensitive, please use our PGP key to encrypt your communications with us.
- Do not take advantage of the vulnerability or problem you have discovered.
- Do not reveal the problem to others until it has been resolved.
- Provide sufficient information to reproduce the problem so we can resolve it as quickly as possible.
- You will receive a response from us acknowledging receipt of your vulnerability report.
- You'll receive regular updates about our progress.
- Once the issue is resolved, we would like to mention your name in any dispatches about the issue so that we can credit you for your discovery. Please engage in responsible privacy practices when disclosing bugs to us, and we'll handle each report with utmost urgency.
We prefer all communications to be in English.
We greatly value your assistance in discovering and reporting vulnerabilities, and look forward to working with users who wish to help ensure Nubank's open-source projects' safety and security. Thank you for supporting Nubank's mission and helping ensure the highest levels of security for our community!