安全策略
如果你在本项目中发现安全问题,请遵循以下指南。
报告漏洞
请勿通过公开的 GitHub Issue 报告安全漏洞。
请通过电子邮件向项目安全团队报告安全漏洞。团队将尽快调查并回复。
报告内容
请在报告中包含以下信息:
- 漏洞描述
- 复现步骤
- 漏洞的潜在影响
- 建议的修复或缓解措施(如有)
处理流程
- 确认收到:我们将在 48 小时内确认收到你的报告
- 评估:我们将评估漏洞并确定严重程度
- 修复:我们将制定修复方案并协调披露
- 致谢:我们将感谢你的发现(除非你希望保持匿名)
支持的版本
仅最新版本接收安全补丁。建议用户升级到最新版本以获取安全修复。
安全最佳实践
- 保持所有依赖项为最新状态
- 在 GitHub 账户上启用双因素认证
- 遵循最小权限原则
- 合并前仔细审查代码变更
最新版本的策略请访问 iFLYTEK 社区安全策略。
If you discover a security issue in this project, please follow the guidelines below.
Reporting a Vulnerability
Do not report security vulnerabilities through public GitHub issues.
Instead, please report security vulnerabilities by emailing the project's security team. The team will investigate and respond as soon as possible.
What to Include
Please include the following information in your report:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any suggested fixes or mitigations (if available)
What to Expect
- Acknowledgment: We will acknowledge receipt of your report within 48 hours
- Assessment: We will assess the vulnerability and determine the severity
- Resolution: We will work on a fix and coordinate the disclosure
- Credit: We will credit you for the discovery (unless you prefer to remain anonymous)
Supported Versions
Only the latest release receives security patches. Users are encouraged to upgrade to the latest version to receive security fixes.
Security Best Practices
- Keep all dependencies up to date
- Enable two-factor authentication on your GitHub account
- Follow the principle of least privilege when granting access
- Review code changes carefully before merging
For the latest version of this policy, please visit iFLYTEK Community Security Policy.
