Security: kyhau/kyhau

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability, please report it responsibly:

How to Report

  1. Do NOT open a public issue
  2. Email security concerns to the maintainer (check repository owner's profile for contact)
  3. Or use GitHub's private vulnerability reporting if enabled

What to Include

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)

Response Timeline

  • Initial response: Within 48 hours
  • Status update: Within 7 days
  • Fix timeline: Depends on severity and complexity

Supported Versions

Security updates are provided for:

  • Latest major version
  • Previous major version (for 6 months after new major release)

Security Best Practices

When using this project:

  • Keep dependencies up to date
  • Use secrets management for sensitive data (never commit secrets)
  • Follow the principle of least privilege
  • Enable Dependabot security updates
  • Review and audit third-party dependencies

Disclosure Policy

  • Vulnerabilities will be disclosed after a fix is available
  • Credit will be given to reporters (unless anonymity is requested)
  • CVE IDs will be requested for significant vulnerabilities

There aren’t any published security advisories
