Security Policy
Supported Versions
Security support status for currently maintained versions:
| Version | Support Status |
| --- | --- |
| 2.x | ✅ Actively Maintained |
| 1.x | ❌ End of Life |
Vulnerability Reporting
Submit Vulnerability
Please submit reports via GitHub Security Advisory with:
- Affected version(s)
- Detailed vulnerability description
- Reproducible PoC (Proof of Concept)
- Environment configuration details
Handling Process
- Valid reports will be tracked through private advisory channels
- Within 21-31 days after remediation:
  - Request CVE identifier from numbering authorities
  - Publish technical details on GitHub Advisory
  - Update Release Notes with impact assessment
Requirements
- Testing Restrictions: All security validation must be conducted in locally built, isolated environments. Testing against online demo systems is strictly prohibited.
- Environment Isolation: Testing environments must be network-segregated from production systems. Test traffic must not leak beyond isolated networks.
- Destructive testing is prohibited without explicit authorization
- Adhere to Coordinated Disclosure principles
- Vulnerability details must remain confidential until public disclosure
Security researchers will be acknowledged in project credits based on contribution significance.