mirror of
https://github.com/tiennm99/ccs.git
synced 2026-07-16 16:16:52 +00:00
37 lines
1.1 KiB
Markdown
37 lines
1.1 KiB
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
Security fixes are applied to the latest supported release line and the active development branch.
|
|
|
|
| Branch / channel | Status |
|
|
| --- | --- |
|
|
| `main` / `@latest` | Supported |
|
|
| `dev` / `@dev` | Supported |
|
|
| Older releases | Best effort only |
|
|
|
|
## Report A Vulnerability
|
|
|
|
Do not open public GitHub issues for suspected security vulnerabilities.
|
|
|
|
Use GitHub Private Vulnerability Reporting instead:
|
|
|
|
- https://github.com/kaitranntt/ccs/security/advisories/new
|
|
|
|
Include:
|
|
|
|
- A short description of the issue
|
|
- Affected version, branch, or install method
|
|
- Reproduction steps or proof of concept
|
|
- Impact assessment if you have one
|
|
|
|
Please avoid posting tokens, cookies, private configs, or exploit details in public issues, discussions, or screenshots.
|
|
|
|
## What To Expect
|
|
|
|
- Initial acknowledgement target: within 3 business days
|
|
- Triage and severity assessment after reproduction
|
|
- A coordinated fix and release when the report is confirmed
|
|
|
|
If you already opened a public issue by mistake, edit it down to a minimal note and ask for a private reporting path instead of posting more detail.
|