Skip to content

Security: dashitongzhi/MingJian

Security

SECURITY.md

Security Policy / 安全政策

Supported Versions / 支持版本

MingJian currently supports the latest code on the master branch. Older commits and unofficial distributions do not receive security fixes.

明鉴目前只为 master 分支的最新代码提供安全修复。旧提交和非官方分发版本不在支持范围内。

Reporting a Vulnerability / 报告安全漏洞

Do not disclose a suspected vulnerability in a public issue, discussion, or pull request. Email the maintainers at cajd6876@gmail.com with the subject [MingJian Security], or use 2965866908@qq.com if the primary address is unavailable.

请勿在公开 Issue、Discussion 或 Pull Request 中披露疑似漏洞。请发送邮件至 cajd6876@gmail.com,主题使用 [MingJian Security];若主邮箱 不可用,可联系 2965866908@qq.com

Include the following information when practical:

  • Affected commit, endpoint, component, or deployment mode.
  • Reproduction steps or a minimal proof of concept.
  • Security impact and any known prerequisites.
  • Suggested mitigation, if available.
  • Whether you plan to publish the finding and your proposed disclosure date.

在条件允许时,请提供受影响的提交、接口、组件或部署模式,复现步骤或最小化验证代码, 安全影响与前置条件,可行的缓解建议,以及计划公开漏洞的时间。

Do not include production credentials, personal data, or data obtained from systems you do not own or have permission to test. Test only against systems you are authorized to assess.

请勿发送生产凭据、个人数据,或来自未经授权系统的数据;仅测试您拥有或已获授权评估的系统。

Response Process / 响应流程

The maintainers aim to acknowledge a report within three business days and provide an initial assessment within seven business days. Remediation and disclosure timing depend on severity and deployment impact. Please allow coordinated remediation before public disclosure.

维护者计划在三个工作日内确认收到报告,并在七个工作日内给出初步评估。修复和披露时间将 根据漏洞严重程度与部署影响确定;请在公开披露前预留协同修复时间。

There aren't any published security advisories