docs: Create SECURITY.md (#2713)

Create SECURITY.md
Peng Peng 2026-03-18 21:55:24 +08:00 committed by GitHub
parent b55c8929b0
commit 7eec9436d0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

SECURITY.md Normal file

@ -0,0 +1,59 @@
# Security Policy
## Supported Versions
The following versions are currently supported with security updates:
| Version | Supported |
| ------- | --------- |
| Latest | Yes |
| Older versions | No |
If you are using an older version, we recommend upgrading to the latest version to receive security fixes and improvements.
## Reporting a Vulnerability
If you believe you have found a security vulnerability, please do **not** disclose it publicly through GitHub issues, discussions, forums, or social media.
Instead, please report it to us by email at:
**hi@olares.com**
To help us investigate the issue efficiently, please include as much of the following information as possible:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Proof of concept (PoC), if available
- Affected product, version, or environment
- Potential impact of the issue
- Any relevant screenshots, logs, or recordings
## Our Response Process
After receiving your report, we will:
1. Acknowledge receipt of the report as soon as reasonably possible
2. Review and validate the issue
3. Investigate the impact and determine remediation steps
4. Keep you informed of the progress when appropriate
Please note that response and resolution times may vary depending on the complexity and severity of the issue.
## Responsible Disclosure
We kindly ask that you:
- Give us a reasonable amount of time to investigate and address the issue before any public disclosure
- Avoid accessing, modifying, or deleting data that does not belong to you
- Avoid actions that may negatively affect the availability or integrity of our services
- Act in good faith to avoid privacy violations, service disruption, or data destruction
## Rewards
We do not currently operate a formal bug bounty program.
However, if a reported issue is confirmed to be valid and responsibly disclosed, we may offer a reward at our discretion.
## Thank You
We sincerely appreciate the time and effort of security researchers and users who help us improve the security of our products and services.
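
Review bot: The "Reporting a Vulnerability" section names only hi@olares.com as the reporting channel and offers no encrypted or private option, so a reporter has to send reproduction steps and a PoC over plain email. Consider adding a dedicated security address with a published PGP key, or enabling GitHub private vulnerability reporting and pointing to it here. In "Our Response Process" ("as soon as reasonably possible") and "Responsible Disclosure" ("a reasonable amount of time") no time frame is given; a stated acknowledgment target and a default disclosure window would let reporters plan. The "Supported Versions" table should also define what "Latest" refers to, for example the most recent tagged release, so users can tell whether their version receives fixes.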