English | 中文

• Preferred: use GitHub Security Advisories on the affected repository (Security -> Advisories -> New draft).
• If Advisories are unavailable, contact the maintainers through a private channel. A dedicated security email will be published when ready.
• Please avoid public issues, pull requests, or discussions for security reports.

• Default branch and the latest release are supported.
• Older versions receive best-effort fixes; you may be asked to upgrade.

• Acknowledge within 72 hours.
• Initial assessment within 7 days.
• Coordinated disclosure target: within 90 days, adjusted by severity.

• We practice responsible disclosure and will coordinate timelines with reporters.

• 首选：在受影响仓库使用 GitHub Security Advisories（Security -> Advisories -> New draft）。
• 如无法使用 Advisories，请通过私密渠道联系维护者。专用安全邮箱将随后公布。
• 请勿在公开 Issue/PR/Discussion 中披露安全问题。

• 默认分支与最新发布版本处于支持范围。
• 旧版本为尽力支持，可能要求升级。

• 72 小时内确认收到。
• 7 天内给出初步评估。
• 协调披露目标：90 天内（按严重程度调整）。

• 遵循负责任披露，与报告者协商时间表。