This is the default security policy that applies to all my projects by default.
Please do not post information about unresolved security vulnerabilities in public. If you have found any potential vulnerabilities in projects maintained by me:
- All my repositories should have enabled private vulnerability reporting so you can report there. Feel free to leave any fields empty if you are uncertain. We can fill them later.
- Alternatively, you can write an email to [email protected].
Unless specified elsewhere, only the master branch and the latest release (if any) are supported.
这是默认应用于我所有项目的安全策略。
请不要在公开场合发布尚未修复的安全漏洞信息。如果你在我维护的项目中发现了潜在的安全漏洞:
- 我所有的代码仓库都应当启用了私密安全漏洞报告,你可以在相应页面提交漏洞报告。如果你不确定如何填写某些表项,可以先留空,后续我们可以一起补充。
- 或者,你也可以发送邮件至 [email protected]。
除非另有说明,只有主分支(master)和最新的发行版(如果有发行版)接受漏洞报告。