We currently support the following versions of the Zano plugin for BTCPayServer:

If you discover a security vulnerability, we strongly encourage responsible disclosure.

Please do not create public GitHub issues or pull requests for security-related matters.

Instead, report it privately by contacting repository admins:

• Matrix: #btcpay-zano:matrix.org

Include as much information as possible:

• Vulnerability description
• Affected version(s)
• Reproduction steps or proof-of-concept
• Impact assessment

We aim to respond within 3 days and will coordinate disclosure once a fix is available.

When contributing code, please follow these security practices:

• Validate and sanitize all external inputs
• Avoid using deprecated or insecure libraries
• Do not hardcode credentials or secrets