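- Add ES logo (docs/public/logo.svg)
- Add centered logo, badges and navigation links to README
- Update LICENSE copyright to ESEngine Contributors
- Add English version to SECURITY.md and update contact information
- Remove unstable performance tests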
Security Policy
Supported Versions
We provide security updates for the following versions:
| Version | Supported |
|---|---|
| 2.x.x | ✅ |
| 1.x.x | ❌ |
Reporting a Vulnerability
If you discover a security vulnerability, please report it through the following channels:
Reporting Channels
- GitHub Security Advisories: Report a vulnerability (Recommended)
- Email: security@esengine.dev
Reporting Guidelines
- Do NOT report security vulnerabilities in public issues
- Provide a detailed description of the vulnerability, including:
  - Affected versions
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if available)
Response Timeline
- Acknowledgment: Within 72 hours
- Initial Assessment: Within 1 week
- Fix Release: Typically within 2-4 weeks, depending on severity
Process
- We will confirm the existence and severity of the vulnerability
- Develop and test a fix
- Release a security update
- Publicly disclose the vulnerability details after the fix is released
Security Best Practices
When using ESEngine, please follow these security recommendations:
- Always use the latest stable version
- Regularly update dependencies
- Disable debug mode in production
- Validate all external input data
- Do not store sensitive information on the client side
Thank you for helping keep ESEngine secure!