Skip to content

Security: NeoLabs-Systems/NeoArchive

Security

SECURITY.md

Security policy

NeoArchive is intended for trusted self-hosted deployments. If you discover a security issue, do not open a public issue with exploit details.

Reporting

  • Send a private report to the maintainer through the NeoLabs Systems contact path you already use for repository access.
  • Include the affected version, deployment shape, reproduction steps, impact, and whether the issue crosses user or admin boundaries.
  • If the issue involves encryption, API keys, sessions, MCP scopes, or support-access paths, call that out explicitly.

Scope reminders

  • NeoArchive treats the running server host as a trusted boundary.
  • The product still aims to enforce strict separation between normal users, administrators, API keys, and MCP callers inside that trusted deployment.
  • Reports about leaked credentials, plaintext document exposure, cross-user access, broken admin separation, or bypassed encryption checks are always in scope.

There aren't any published security advisories