Files
ccs/SECURITY.md
T

37 lines
1.1 KiB
Markdown

# Security Policy
## Supported Versions
Security fixes are applied to the latest supported release line and the active development branch.
| Branch / channel | Status |
| --- | --- |
| `main` / `@latest` | Supported |
| `dev` / `@dev` | Supported |
| Older releases | Best effort only |
## Report A Vulnerability
Do not open public GitHub issues for suspected security vulnerabilities.
Use GitHub Private Vulnerability Reporting instead:
- https://github.com/kaitranntt/ccs/security/advisories/new
Include:
- A short description of the issue
- Affected version, branch, or install method
- Reproduction steps or proof of concept
- Impact assessment if you have one
Please avoid posting tokens, cookies, private configs, or exploit details in public issues, discussions, or screenshots.
## What To Expect
- Initial acknowledgement target: within 3 business days
- Triage and severity assessment after reproduction
- A coordinated fix and release when the report is confirmed
If you already opened a public issue by mistake, edit it down to a minimal note and ask for a private reporting path instead of posting more detail.