English | 中文
We provide security updates for the following versions:
| Version | Supported |
|---|---|
| 2.x.x | ✅ |
| 1.x.x | ❌ |
If you discover a security vulnerability, please report it through the following channels:
- GitHub Security Advisories: Report a vulnerability (Recommended)
- Email: [email protected]
- Do NOT report security vulnerabilities in public issues
- Provide a detailed description of the vulnerability, including:
- Affected versions
- Steps to reproduce
- Potential impact
- Suggested fix (if available)
- Acknowledgment: Within 72 hours
- Initial Assessment: Within 1 week
- Fix Release: Typically within 2-4 weeks, depending on severity
- We will confirm the existence and severity of the vulnerability
- Develop and test a fix
- Release a security update
- Publicly disclose the vulnerability details after the fix is released
When using ESEngine, please follow these security recommendations:
- Always use the latest stable version
- Regularly update dependencies
- Disable debug mode in production
- Validate all external input data
- Do not store sensitive information on the client side
English | 中文
我们为以下版本提供安全更新:
| 版本 | 支持状态 |
|---|---|
| 2.x.x | ✅ |
| 1.x.x | ❌ |
如果您发现了安全漏洞,请通过以下方式报告:
- GitHub 安全公告: 报告漏洞(推荐)
- 邮箱: [email protected]
- 不要在公开的 issue 中报告安全漏洞
- 提供详细的漏洞描述,包括:
- 受影响的版本
- 复现步骤
- 潜在的影响范围
- 如果可能,提供修复建议
- 确认收到: 72小时内
- 初步评估: 1周内
- 修复发布: 根据严重程度,通常在2-4周内
- 我们会确认漏洞的存在和严重程度
- 开发修复方案并进行测试
- 发布安全更新
- 在修复发布后,会在相关渠道公布漏洞详情
使用 ESEngine 时,请遵循以下安全建议:
- 始终使用最新的稳定版本
- 定期更新依赖项
- 在生产环境中禁用调试模式
- 验证所有外部输入数据
- 不要在客户端存储敏感信息
感谢您帮助保持 ESEngine 的安全性!
Thank you for helping keep ESEngine secure!