2025-12-08 21:47:47 +08:00

# Security Policy

## Supported Versions

We provide security updates for the following versions:

| Version | Supported          |
| ------- | ------------------ |
| 2.x.x   | :white_check_mark: |
| 1.x.x   | :x:                |

## Reporting a Vulnerability

If you discover a security vulnerability, please report it through the following channels:

### Reporting Channels

- **GitHub Security Advisories**: [Report a vulnerability](https://github.com/esengine/esengine/security/advisories/new) (Recommended)
- **Email**: security@esengine.dev

### Reporting Guidelines

1. **Do NOT** report security vulnerabilities in public issues
2. Provide a detailed description of the vulnerability, including:
   - Affected versions
   - Steps to reproduce
   - Potential impact
   - Suggested fix (if available)

### Response Timeline

- **Acknowledgment**: Within 72 hours
- **Initial Assessment**: Within 1 week
- **Fix Release**: Typically within 2-4 weeks, depending on severity

### Process

1. We will confirm the existence and severity of the vulnerability
2. Develop and test a fix
3. Release a security update
4. Publicly disclose the vulnerability details after the fix is released

## Security Best Practices

When using ESEngine, please follow these security recommendations:

- Always use the latest stable version
- Regularly update dependencies
- Disable debug mode in production
- Validate all external input data
- Do not store sensitive information on the client side

---

# Security Policy

## Supported Versions

We provide security updates for the following versions:

| Version | Support Status     |
| ------- | ------------------ |
| 2.x.x   | :white_check_mark: |
| 1.x.x   | :x:                |

## Reporting a Vulnerability

If you discover a security vulnerability, please report it through the following channels:

### Reporting Channels

- **GitHub Security Advisories**: [Report a vulnerability](https://github.com/esengine/esengine/security/advisories/new) (Recommended)
- **Email**: security@esengine.dev

### Reporting Guidelines

1. **Do not** report security vulnerabilities in public issues
2. Provide a detailed description of the vulnerability, including:
   - Affected versions
   - Steps to reproduce
   - Potential scope of impact
   - A suggested fix, if possible

### Response Time

- **Acknowledgment of receipt**: Within 72 hours
- **Initial assessment**: Within 1 week
- **Fix release**: Typically within 2-4 weeks, depending on severity

### Process

1. We will confirm the existence and severity of the vulnerability
2. Develop a fix and test it
3. Release a security update
4. After the fix is released, vulnerability details will be published through the relevant channels

## Security Best Practices

When using ESEngine, please follow these security recommendations:

- Always use the latest stable version
- Regularly update dependencies
- Disable debug mode in production
- Validate all external input data
- Do not store sensitive information on the client side

Thank you for helping keep ESEngine secure!