Skip to content

Security: xr843/fojin-cli

SECURITY.md

安全政策 / Security Policy

报告安全问题

请优先使用 GitHub 的 Private Vulnerability Reporting 私下报告漏洞。请不要在公开 issue、pull request、Discussion、日志或社交媒体中披露漏洞细节。

报告中请尽量包含:

  • 受影响的版本、平台与安装方式;
  • 可复现问题的最小步骤或概念验证;
  • 预期影响,以及已知的利用条件;
  • 可行的缓解或修复建议(如有)。

请删除令牌、凭据、个人数据和不必要的大型数据文件。若 GitHub 没有显示私密报告表单,请不要改用公开 issue 披露细节;保留报告,或仅通过你与维护者已经建立的私密渠道联系。项目没有公布安全报告邮箱。

维护者会在私密报告中协调确认、修复与披露。在修复可用并完成协调披露前,请保持细节私密。

Reporting a vulnerability

Please use GitHub Private Vulnerability Reporting as the preferred reporting channel. Do not disclose vulnerability details in a public issue, pull request, Discussion, log, or social-media post.

Include the affected version and platform, minimal reproduction steps or a proof of concept, the expected impact and prerequisites, and any suggested mitigation. Remove credentials, personal data, and unrelated large datasets. If the private form is unavailable, do not substitute a public report containing details; retain the report or use only a private channel you have already established with a maintainer. This project does not publish a security-reporting email address.

Please keep the report private while maintainers coordinate validation, remediation, and disclosure.

There aren't any published security advisories