If you discover a security vulnerability in Nexus, please do not open a public issue.

Instead, report it privately via a GitHub Security Advisory. Only the maintainer can see the advisory until it is published.

You should receive an initial response within 7 days. If accepted, a fix will be prepared privately and disclosed in the next patch release.