docs: Enhance SECURITY.md with bilingual support and details

Updated the security policy to include both English and Chinese versions, detailing supported versions and vulnerability reporting guidelines.
Yinan Qin
2026-01-31 23:19:54 +08:00
committed by GitHub
parent c8709711df
commit 2dd9d1f27a

SECURITY.md (new file, 71 lines)

@@ -0,0 +1,71 @@
# Security Policy / 安全策略
---
## 🌐 English Version
### Supported Versions
The following versions currently receive security updates:
| Version | Supported |
|---------|--------------------|
| > 1.0.4 | :white_check_mark: |
| < 1.0.4 | :x: |
> **Note**: Only versions marked with ✅ receive security patches. Upgrade to a supported version immediately if using an unsupported release.
### Reporting a Vulnerability
We deeply appreciate your efforts to responsibly disclose security issues. Please follow these guidelines:
#### 📬 How to Report
- **Preferred**: Use GitHub's [Private Vulnerability Reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities)
#### 📋 Report Should Include
- Clear description of the vulnerability and potential impact
- Affected component/version
- Steps to reproduce (PoC code appreciated but optional)
- Suggested mitigation (if known)
- Contact information and preferred disclosure timeline
#### ⚠️ Important Notes
- **DO NOT** disclose publicly before coordination
- Avoid intrusive testing (e.g., data exfiltration, DoS)
- We comply with [ISO/IEC 29147](https://www.iso.org/standard/45173.html) vulnerability disclosure standards
- Good-faith researchers acting responsibly will not face legal action
Thank you for helping keep our community safe! 🛡️
---
## 🇨🇳 中文版本
### 支持的版本
以下版本当前接收安全更新:
| 版本 | 是否支持 |
|--------|-------------------|
| > 1.0.4 | :white_check_mark: |
| < 1.0.4 | :x: |
> **提示**:仅标记 ✅ 的版本接收安全补丁。如使用不受支持的版本,请立即升级至受支持版本。
### 漏洞报告流程
感谢您负责任地披露安全问题。请遵循以下指南:
#### 📬 报告方式
- **首选**:使用 GitHub [私有漏洞报告](https://docs.github.com/zh/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities) 功能
#### 📋 报告内容建议包含
- 漏洞清晰描述及潜在影响
- 受影响组件/版本
- 复现步骤(提供验证代码更佳,非必需)
- 建议的缓解措施(如已知)
- 联系方式及期望的披露时间
#### ⚠️ 重要提示
- 修复完成前**请勿公开披露**
- 避免侵入性测试(如数据窃取、拒绝服务攻击)
- 本流程遵循 [ISO/IEC 29147](https://www.iso.org/standard/45173.html) 漏洞披露国际标准
- 本着善意负责任研究的安全研究员将不会面临法律追责
感谢您为社区安全贡献力量!🛡️
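Review bot: the supported-versions table leaves version 1.0.4 itself in neither row: `| > 1.0.4 | :white_check_mark: |` covers only releases after it and `| < 1.0.4 | :x: |` only releases before it, so a user on exactly 1.0.4 cannot tell whether they get patches. If 1.0.4 is the first patched release, change the first row to `>= 1.0.4` in both the English and the Chinese table. The two language versions also disagree on the embargo rule: the English says "DO NOT disclose publicly before coordination" while the Chinese says not to disclose before the fix is complete (修复完成前), which is a stricter and open-ended condition; pick one wording and pair it with a concrete default window (for example a fixed number of days from acknowledgement), since the report template asks researchers for a "preferred disclosure timeline" but the policy itself commits to none. Finally, GitHub Private Vulnerability Reporting is the only reporting channel listed in both versions; consider adding a fallback contact (a security mailbox or a PGP key) for reporters who cannot use a GitHub account, and confirm the feature is actually enabled on the repository so the "Preferred" link does not lead to a dead end.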