mirror of
https://gitee.com/wanwujie/sub2api-mobile
synced 2026-04-02 22:42:14 +08:00
36 lines
934 B
Markdown
36 lines
934 B
Markdown
|
# Security Policy
|
||
|
|
|
||
|
|
## Supported Versions
|
||
|
|
|
||
|
|
This project is currently maintained on the `main` branch only.
|
||
|
|
|
||
|
|
| Version | Supported |
|
||
|
|
| ------- | --------- |
|
||
|
|
| main | ✅ |
|
||
|
|
|
||
|
|
## Reporting a Vulnerability
|
||
|
|
|
||
|
|
If you discover a security issue, please report it privately first.
|
||
|
|
|
||
|
|
Preferred channels:
|
||
|
|
|
||
|
|
1. Open a private security advisory in GitHub (if enabled).
|
||
|
|
2. If private advisory is not available, open an issue with minimal details and
|
||
|
|
request a private follow-up from maintainers.
|
||
|
|
|
||
|
|
Please include:
|
||
|
|
|
||
|
|
- A clear description of the vulnerability
|
||
|
|
- Affected files/endpoints/flows
|
||
|
|
- Reproduction steps or proof of concept
|
||
|
|
- Potential impact
|
||
|
|
- Suggested remediation (if available)
|
||
|
|
|
||
|
|
## Response Expectations
|
||
|
|
|
||
|
|
- Initial triage target: within 3 business days
|
||
|
|
- Status update target: within 7 business days
|
||
|
|
- Fix timeline depends on severity and release constraints
|
||
|
|
|
||
|
|
We will coordinate disclosure timing after remediation is available.
|