We take the security of Intercept Wave seriously and appreciate responsible disclosure.
We generally support the latest released minor versions. Security fixes for older versions are backported on a best-effort basis.
Please report vulnerabilities privately. Do not open public issues for security-related problems.
- Preferred: Use GitHub Security Advisories to privately report a vulnerability: https://github.com/zhongmiao-org/intercept-wave/security/advisories/new
- If the private reporting option is unavailable for you, open a draft advisory from the Security tab, or contact the maintainers via the repository owners on GitHub.
Please include:
- A clear description of the issue and potential impact
- Steps to reproduce or a proof of concept
- Affected versions and environment details
- Any suggested mitigations
- We will acknowledge receipt within 2 business days
- We aim to provide an initial assessment within 7 business days
- We will work with you on validation, fix, and coordinated disclosure
Thank you for helping improve the security of this project.
我们非常重视 Intercept Wave 的安全,也欢迎负责任的漏洞披露。
我们通常支持最新发布的小版本;对旧版本的安全修复会尽力回补。
请通过私密渠道报告安全问题,不要在公开 Issue 中披露相关细节。
- 首选方式:使用 GitHub Security Advisories 私密报告: https://github.com/zhongmiao-org/intercept-wave/security/advisories/new
- 如无法使用该入口,请在 Security 页面发起草稿公告,或通过 GitHub 与仓库维护者私信联系。
请尽量提供:
- 问题与潜在影响的清晰描述
- 可复现步骤或 PoC
- 受影响版本与环境信息
- 可能的缓解建议
- 我们会在 2 个工作日内确认收到
- 目标在 7 个工作日内给出初步评估
- 将与你协作验证、修复并协同披露
感谢你为提升本项目安全性所做的努力。