mirror of
https://gitee.com/spark-store-project/spark-store
synced 2026-04-26 01:10:16 +08:00
Updated the security policy to include both English and Chinese versions, detailing supported versions and vulnerability reporting guidelines.
2.6 KiB
Security Policy
🌐 English Version
Supported Versions
The following versions currently receive security updates:
| Version | Supported |
|---|---|
| > 1.0.4 | ✅ |
| < 1.0.4 | ❌ |
Note: Only versions marked with ✅ receive security patches. If you are running an unsupported release, upgrade to a supported version immediately.
Reporting a Vulnerability
We deeply appreciate your efforts to responsibly disclose security issues. Please follow these guidelines:
📬 How to Report
- Preferred: Use GitHub's Private Vulnerability Reporting
📋 Report Should Include
- Clear description of the vulnerability and potential impact
- Affected component/version
- Steps to reproduce (PoC code appreciated but optional)
- Suggested mitigation (if known)
- Contact information and preferred disclosure timeline
⚠️ Important Notes
- DO NOT disclose publicly before coordination
- Avoid intrusive testing (e.g., data exfiltration, DoS)
- This process follows the ISO/IEC 29147 vulnerability disclosure standard
- Good-faith researchers acting responsibly will not face legal action
Thank you for helping keep our community safe! 🛡️
🇨🇳 Chinese Version
Supported Versions
The following versions currently receive security updates:
| Version | Supported |
|---|---|
| > 1.0.4 | ✅ |
| < 1.0.4 | ❌ |
Note: Only versions marked with ✅ receive security patches. If you are using an unsupported version, upgrade to a supported version immediately.
Vulnerability Reporting Process
Thank you for disclosing security issues responsibly. Please follow these guidelines:
📬 How to Report
- Preferred: use GitHub's Private Vulnerability Reporting feature
📋 A Report Should Include
- A clear description of the vulnerability and its potential impact
- Affected component/version
- Steps to reproduce (proof-of-concept code is welcome but not required)
- Suggested mitigation (if known)
- Contact information and preferred disclosure timeline
⚠️ Important Notes
- Do not disclose publicly before the fix is complete
- Avoid intrusive testing (e.g., data theft, denial-of-service attacks)
- This process follows the ISO/IEC 29147 international vulnerability disclosure standard
- Security researchers acting in good faith and responsibly will not face legal action
Thank you for contributing to the security of our community! 🛡️