# Security Policy

---

## 🌐 English Version

### Supported Versions

The following versions currently receive security updates:

| Version | Supported          |
|---------|--------------------|
| > 1.0.4 | :white_check_mark: |
| < 1.0.4 | :x:                |

> **Note**: Only versions marked with ✅ receive security patches. Upgrade to a supported version immediately if using an unsupported release.

### Reporting a Vulnerability

We deeply appreciate your efforts to responsibly disclose security issues. Please follow these guidelines:

#### 📬 How to Report

- **Preferred**: Use GitHub's [Private Vulnerability Reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities)

#### 📋 Report Should Include

- Clear description of the vulnerability and potential impact
- Affected component/version
- Steps to reproduce (PoC code appreciated but optional)
- Suggested mitigation (if known)
- Contact information and preferred disclosure timeline

#### ⚠️ Important Notes

- **DO NOT** disclose publicly before coordination
- Avoid intrusive testing (e.g., data exfiltration, DoS)
- We comply with [ISO/IEC 29147](https://www.iso.org/standard/45173.html) vulnerability disclosure standards
- Good-faith researchers acting responsibly will not face legal action

Thank you for helping keep our community safe!
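🛡️

---

## 🇨🇳 Chinese Version

### Supported Versions

The following versions currently receive security updates:

| Version | Supported          |
|---------|--------------------|
| > 1.0.4 | :white_check_mark: |
| < 1.0.4 | :x:                |

> **Note**: Only versions marked with ✅ receive security patches. If you are using an unsupported version, upgrade to a supported version immediately.

### Vulnerability Reporting Process

Thank you for responsibly disclosing security issues. Please follow these guidelines:

#### 📬 How to Report

- **Preferred**: Use GitHub's [Private Vulnerability Reporting](https://docs.github.com/zh/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities) feature

#### 📋 Recommended Report Contents

- A clear description of the vulnerability and its potential impact
- Affected component/version
- Steps to reproduce (proof-of-concept code is appreciated but not required)
- Suggested mitigation (if known)
- Contact information and desired disclosure timeline

#### ⚠️ Important Notes

- **Do not disclose publicly** before the fix is complete
- Avoid intrusive testing (e.g., data theft, denial-of-service attacks)
- This process follows the [ISO/IEC 29147](https://www.iso.org/standard/45173.html) international standard for vulnerability disclosure
- Security researchers acting responsibly and in good faith will not face legal action

Thank you for contributing to the security of the community! 🛡️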