Please see Releases. We recommend using the most recently released version.

Public announcements of new releases with security fixes and of disclosure of any vulnerabilities will be made in Nimiq's blog.

We’re extremely grateful for security researchers and users that report vulnerabilities to the Nimiq community. All reports are thoroughly investigated.

Please do not file a public ticket mentioning any vulnerability.

The Nimiq community asks that all suspected vulnerabilities be privately and responsibly disclosed.

To report a vulnerability, the preferential method is through Nimiq on HackerOne.

Alternatively, you can also email the [email protected] list with the details of reproducing the vulnerability as well as the usual details expected for all bug reports.

While the primary focus of this disclosure program is the Albatross protocol, the Nimiq wallet and Keyguard, the team may be able to assist in coordinating a response to a vulnerability in the third-party apps or tools in the Nimiq ecosystem.