Skip to content

Security: thinkyou0714/public-docs

Security

SECURITY.md

Security Policy

Supported versions

The latest release of each project receives security updates. Older versions are not supported.

Reporting a vulnerability

Do not open a public issue for security concerns.

Scope for this default policy

This file is a fallback policy for repositories that do not define their own SECURITY.md. If a repository has a local security policy, that repository policy takes precedence.

Instead, use GitHub's private vulnerability reporting:

  1. Navigate to the affected repository
  2. Go to the Security tab
  3. Click Report a vulnerability

If private reporting is unavailable in the target repository, do not disclose details publicly. Open a minimal "security contact request" in Discussions without vulnerability details, then move to a confidential channel before sharing technical information.

What to include in a report

Please include:

  • affected repository and default branch
  • impacted version(s) or commit range
  • reproduction steps and prerequisites
  • impact assessment (confidentiality / integrity / availability)
  • proof-of-concept details (only in private reports)

We aim to:

  • Acknowledge reports within 48 hours
  • Provide a status update within 7 days
  • Release a fix within 30 days for confirmed issues

Disclosure

Coordinated disclosure preferred. We will credit reporters in release notes unless anonymity is requested.

There aren't any published security advisories