Security

At NodeSpace, we take security very seriously. We want to know about any security issues in order to protect our client and company data. Depending on the issue reported, we may even reward with a bounty. Before reporting a security issue, please read the following guidelines very carefully.

  1. Low-effort and common “vulnerabilities” are not usually replied to. Examples of this include, but are not limited to, “click jacking”. This is just how the Internet works and therefore we don’t consider it a “vulnerability”.
  2. Most of our software is provided by third-parties. You need to identify if the vulnerability is with software provided by the core developer, a NodeSpace-developed plugin/addon/module, or with a third-party developer. If the issue is in code provided by the core developer or third-party developer, you will be referred to their vulnerability reporting program.
  3. Do not test our production sites. Our security team will notice and you may have abuse reports filed with your ISP. Do not fill our production sites up with garbage or test data.
  4. Do not harass or pester us for updates and/or payment. Harassment is a guarantee you will receive nothing. Depending on the severability of the issue reported, you may not receive updates. This is industry norm.

How to report issues

You must submit all issues to security@nodespace.com. Security submissions cannot be accepted on social media. Your submission needs to contain the following:

  1. What is the exact issue.
  2. How to reproduce this issue including all relevant steps you performed. If you wrote custom code to perform these actions, you must provide it.
  3. If this discloses sensitive or secure information/data about our company (including employees, vendors, etc.) and/or our clients. If it does, you must provide all data you obtained and how it was obtained.
  4. Your suggested remedies. You must also be willing to work with us on patching the system and follow up testing.
  5. You must not disclose the vulnerability to anyone else. If it is disclosed, you will forfeit any reward and you risk prosecution.

GPG Key

You can securely contact our security team using the following GPG key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: User-ID:	NodeSpace Security <security@nodespace.com>
Comment: a.k.a.:	NodeSpace Security <security@nodespace.net>
Comment: Valid from:	11/28/2021 2:27 PM
Comment: Valid until:	11/28/2023 12:00 PM
Comment: Type:	3,072-bit RSA (secret key available)
Comment: Usage:	Signing, Encryption, Certifying User-IDs
Comment: Fingerprint:	4AD8768BE487FC5EEA4392A73F54819B6227FF9B


mQGNBGGj2CoBDACs0z4AoqbEBthWic9D8BgPaRWnMm9Y0wwYDPhAT/dwPRf+ZAUS
0Cfuh2JG8lrr4sxpg8+nwHvDOX4bd5Qnu0pS1cGixGMZmx3qzOhX1wpw5a2t53oM
/5qz6rSCbimMrgTbknwJhowLSv+laXI+55+eqjyKMV9HEW/s9eb1x4eKKrWQA7ym
ul+rrw92kaoR+LOE34TclWSCXAN1mM064OldY4KBeTwI34ILnDHfcmLPrqsVYHVy
DPb5zioNx/lEXbg8BHas7Lgqh6+ifDiJPtwEN+e38uIsH9ow12DJr+OMThaiacj5
/yj7/CxqJU5mZQpXQhLYnup5KWhkE9q/V4BBBZBibbR2Y2NcCeK59ji/aVfLLXkg
69vs+lij7QA85gfAY0lbtgTZRDIsTb6NoAB+vjUUTF/I3agEq7fDxE4xdAHJ1P7g
WVGLWEY0F+FvqUOIOWTVCdyM1D0gkH3JKLoORQbQtFhUtLyyOFNKZgoUKkR089h5
QM73o7jFFhBYIs8AEQEAAbQrTm9kZVNwYWNlIFNlY3VyaXR5IDxzZWN1cml0eUBu
b2Rlc3BhY2UuY29tPokB1wQTAQgAQQIbAwUJA8JEZgULCQgHAgYVCgkICwIEFgID
AQIeAQIXgBYhBErYdovkh/xe6kOSpz9UgZtiJ/+bBQJkr3soAhkBAAoJED9UgZti
J/+bWnQL/0dbfi6u19dnf4Iygp0D+PHSZekjQjxLgXoLqB8inU3swG9wQ7iMSKjM
wImTmUYZPjf2Xbo/7tBOExBJZLFKDx5Ln0taxCv73SYzY7jtH3z/SN1u7VSLW5lX
jahT7e3wpDTqFdzj3EP73ys/DYoxWiuhmh1JjgYBY1QosTdG1Y/iffFy8MyRAAo7
Bw2honTHnmS1rUCnuwxJ8/WgnDTYXzZD6rDrTbjNmcYruBUfU3MtVBhxTHj3n8Ea
PJmzDWMrWDzgH3ErAFEFz8u1gZDSMwPC+kgBk/LY3IzfmvRvigwOXGzt0B6WOOwS
wOyMjwu3mfvSobj0riJ8ZK1pmJZ7SoHK8M2X5hTAGksbnCldtbViBmIpVS8ePhxm
V275Iwt9hRzoWlBfNE0ssXAuT5VDFUZu5cW+M7sd+ibpAbMS/Y5TsUEx8TLHq5yM
TXTtTjmDBjWab+I4V1ad09tUNkTOp28WqYbfQInUMxFkmKedjOOGhYUGKVmmdINI
aNrOlfd5TIkCMwQQAQgAHRYhBEBS6YanTmPzff+P/809bhjblJzoBQJkr3tOAAoJ
EM09bhjblJzoezIQAIK3XNoaGMgUt9hUKYGoaEn/JqUuaMHgKC4H0I5Yz/eouybU
pnpEHwYs6sykuEEIDLNm0xDCyatgQa0fgMbIpYYOZWho0hEYyRr3LDG7ahd2KojF
+8V3iV9z8THXsIognRkP4SFSgLAWvZkCZrcvTb2H00hK+rivLGTpnN/FYM0ZW87N
O0LG3PCO2tysq8qaI01bs3w7AcaXyXQ0QyyFOmi+8SekvChOXLpezYHtclW5JTKv
Ug/0hDCZ/7g37QOv1eV7cCvi4nT3N9bImdfEnfluB7dqbiK4PTy2n+KesXlK6qPF
npy+YIeazjCQowpzwH7NhRASs25Ny0vXptRyIriDYvLHMw3NhlxKDufrpIqQInfJ
sCcwViDEJX40/L+hIDdi9kwqG6K28uLsv57YHDhprEyhVLgDqRgRRFZfv65xAfEC
EfV3kO1hKy3abVWDzHWvnk8D9PHlEmyh/9QaNqNobbEFOhkhJjHLoIjrCaDujla/
WCHUkrv5T75bi2WdRllQU8D6hXzxdzeVNYhFKKdce5ZfKFYPBS2j+xh9QyLMgN27
nHBLz78I8poB166TKVl0km61Q5djnZCzjJ/ZIupSsqgPoMez7WgDp+wJVAy7jqLU
TgxFu5ZZ1+T+K7OPSx/M+ekpuPRNiWv5G54w0nghjhv+3TOCYl6B3TPDuyY0tCtO
b2RlU3BhY2UgU2VjdXJpdHkgPHNlY3VyaXR5QG5vZGVzcGFjZS5uZXQ+iQHUBBMB
CAA+AhsDBQkDwkRmBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEESth2i+SH/F7q
Q5KnP1SBm2In/5sFAmSveygACgkQP1SBm2In/5tO/Av/WtcGd02C7J07U+d5CHc+
wyXkhuGbqCYEYsaZcqkulaujRkGnY4LMYqu4VmOsOD3nbep6eGGQVRkEZjaVnv2q
kXXVmEusaHgRcLfAUUVjWDJrmmKXABHWdwyVxD9Q/iI7ElZRpuElazunxFHRLQGa
H80C9/aXxyD6phf5VPLJtCvktQKbZJJquonyjcHciDDd0gyv9DGum/yls+dF42e7
e8d5MWHcAM0aoA6tmfL2lc375WndaEEkWIBcaNgHwIx+bePNifPReRNiECC0f1pQ
kpsMNRFtTHuW0/YQWNR++DwApg+OAksV/bOUO2zWaKhaltdQNtR+FYK8BfaM1rY0
YGn3wnX0BI9n+upuWetysSKm7C21wTLKToejZO0T/iH9Ac9/K7IyWdzmymEZ1Z7L
mJxR1/9ORKRyiwrdVIv2Tr0Dmm0pFOsUL4AJ3Dvu6uWMpFAwyjf8IN38OlRh9pfn
+BV6LNsA3NMlYBQk3rMUlcwYtiJjZuMKfeh2L2kga5UdiQIzBBABCAAdFiEEQFLp
hqdOY/N9/4//zT1uGNuUnOgFAmSve04ACgkQzT1uGNuUnOjIIw/9GjvAjKKycotU
ASXURjrYV+Vfk1LPCd70BYFCRlaPyXVAnAAJBwNhJSn3e6Njigd/LD7SG/Lhi5JO
kGTxDO/jvFDBIM0f3YkJR9s5RXqMJdPRnoc/qpp5WvvTziVT6phJb6U8fQYz+m2p
HNCSjQvbsY3ZEKArBffgExfAUYTZOogENf0o9mNuhrHGPMYPNQtgd9yFRUU4IYDM
zMVrwXdLdMKZX+KhrlmEYMA1DrHJMnhC6yEgKBEJzF5XIQgaqBGjVsxyNNZ3RXCo
+dztY6ARaiiWqWKIt5KoMUwZM1CbxQ3sUQnJMRKY7MDPP18ad/cwB2hxYYdMp6AB
Rop8Epj4CNA317ycYj8IkR5ZdsjJr7iovg5zCZ31KwLTtBAX6p4VYjI9sTt1FAkE
iMt9rGVglji+wehWKzcEriTWCwVm+Rc8qbBwWajs4wFZnCRNq4KTkWhbe+0uKJby
ZiVlEfBVVuB1vVRqFEkVeCZi7v2h4srcRLWjRa+gZfBzFivDP0LW+6zcQRidW7mg
ez/0lDwwy+SyyeFb7Mf/mO2t8XfPiXuFc/iLRGHz9ccMnpIFtZ4QaeuUdDOqk7u5
rnJ55+2gx0cbKCvBcqCI0cLu++QVZnzFxCJWL/nb2iqUIW7VQF2G7TtKMQ4kztv0
APxyB2ZAU8A+vX/IotxgQVcCfduy+Ta5AY0EYaPYKgEMANLiMjMM/cQMwaDmtjbH
OzgaKGhGCXSrtpPxh+irdcykxqA6JAFWTkB7aILAuoQRXw8vVFP2cHtVzn2/5aT9
/k7r/VEM7pi96aUYA6E1rZbb0qaOvf9ydf7x1x5LBgR1srI5+EHGM21t8BU/62EU
EULEediSw09gfGFYbXVhj0gC3Mvn2kCOtoJeaJ8JyW+yyS2/rBMmX4zhcPI0Wykp
UCX5YNSNrhC1wr3FlY87XfFIkHtYv5g6SZlXBNUVjFy1kk28zeCBCK7Q/fgJUIMN
hJVcXyekdtg2AIPR/XuE0RcG2WORKQ7oUxYj+9n2gGXZd7NbhBoeSR5v35c/eYhP
clh6AAKj98s5eVw9jFAya3UyN9AzUtTk2LpwNqv5GRW6Q15tT92sk/rwTX9gVzyW
1SutBnOC6QHQg55aaXxiVKHnubBiYEyN6W8BFx66JqdJvDiU9fwsRp1E37iHhe0F
wNO6dgW4w3M6YsT+89Mma85Sp8j+zpG+2Gw0CepA7cUPCQARAQABiQG8BBgBCAAm
FiEESth2i+SH/F7qQ5KnP1SBm2In/5sFAmGj2CoCGwwFCQPCRGYACgkQP1SBm2In
/5uPQwv/XUmg4v0mjvUkRGhiULig+MBKZhyk7NOqIAVeim2u4BZjZ10zmoLDQc03
Xiuk1c2TFiAF6AfZzM9r5NyEmUPPzA+Io8eL2QdmX336Fcw7eFT0ZaSjfPl82HZ6
PXR5f8VTO44Uu06b9TvaxX7xcUVkafi+nzPznb3uWVdgJwJJ5gEuvkwobgR0Tyg7
q8vP40i/5LDsDalwZbDuRt1F+EeBOTGyS+s+k8zV0KiRz72vN6+edTvHUQiavggd
FA1hTq/9t9QBHuNAJ/yFPEOXjETQ2AFgp3RHO6UJorare3V7Tl1vUipET/IUHYPV
EDBBZMOEVj0zfV6+C/bnpreOzg//7YpQj1W9exFdIPdIlDv6tT/PVMlzH9QXCTNP
KedRlHxrkImRBiW/dcNkh+84Ep6Qpz2AXSja9YGCvisKAz1EUJQkKlYynhKM9VVI
lrAAlXfecCWiiXi0D/VsamYZG4SdmY7Ydvz7rx6aO0k67wBX7O93Fyojs+nryAmT
1o560TNY
=Ltmd
-----END PGP PUBLIC KEY BLOCK-----
Scroll to Top