Security Policy

Please do not report security vulnerabilities through public GitHub issues, discussions, or other public channels.

Instead, please disclose them responsibly by contacting our security team at:
📧 chenshuangrui@gmail.com

What to Include:

Detailed description of the vulnerability
Steps to reproduce
Potential impact assessment
Suggested fixes or mitigations (if known)

Our Response Process:

Acknowledgement within 48 hours
Initial assessment within 5 business days
Regular updates on remediation progress
Public disclosure timeline coordinated with reporter

Security Updates

Critical security patches are released as soon as they're available. All security-related updates will be marked with [SECURITY] in release notes.

Recognition

While we don't currently have a formal bug bounty program, we gratefully acknowledge responsible disclosures by:

Listing contributors in our Security Hall of Fame
Providing written recommendations (upon request)
Public thank-you in release notes (with permission)

Note: This policy may be updated periodically. Last revised: January 2025

Security Policy ​

What to Include: ​

Our Response Process: ​

Security Updates ​

Recognition ​

Security Policy

What to Include:

Our Response Process:

Security Updates

Recognition