We are committed to protecting user security. The following versions will receive security updates:
| Version | Support Status |
|---|---|
| 1.0.x | Supported |
| < 1.0 | Not Supported |
If you discover a security vulnerability, please do not report it publicly. Instead, please report it privately through the following methods:
- Visit Security Advisories
- Click "Report a vulnerability"
- Fill in a detailed description of the security issue
Please include the [SECURITY] prefix in the email subject.
To help us better understand and resolve issues, please include in your report:
- Vulnerability Type: XSS, CSRF, information disclosure, etc.
- Impact Scope: Which features are affected
- Reproduction Steps: Detailed vulnerability reproduction steps
- Expected Behavior: What should happen normally
- Actual Behavior: What happens when the vulnerability is triggered
- Environment Information: Browser version, operating system, etc.
- Timestamp: Time when the vulnerability was discovered
We commit to responding within the following timeframes after receiving a security report:
- Initial Confirmation: Within 24 hours
- Detailed Assessment: Within 3 business days
- Fix Plan: Within 7 business days
- Fix Release: Determined by severity level
To maintain project security, we recommend:
- Regularly update dependencies
- Use HTTPS protocol
- Implement Content Security Policy (CSP)
- Conduct regular security audits
- Follow OWASP security guidelines
Thank you to all researchers and users who responsibly report security issues!
Note: Please do not discuss security issues in public Issues, as this may put other users at risk.