# Security Policy

## Supported Versions

Security support status for currently maintained versions:

| Version | Support Status |
|---------|-----------------------|
| 2.x | ✅ Actively Maintained |
| 1.x | ❌ End of Life |

## Vulnerability Reporting

### Submit Vulnerability

Please submit reports via [GitHub Security Advisory](https://github.com/0xJacky/nginx-ui/security/advisories/new) with:

- Affected version(s)
- Detailed vulnerability description
- Reproducible PoC (Proof of Concept)
- Environment configuration details

### Handling Process

- Valid reports will be tracked through private advisory channels
- Within 21-31 days after remediation:
  - Request CVE identifier from numbering authorities
  - Publish technical details on GitHub Advisory
  - Update Release Notes with impact assessment

### Requirements

- **Testing Restrictions**: All security validation must be conducted in locally built isolated environments. Online demo systems are strictly prohibited for testing purposes
- **Environment Isolation**: Testing environments must be network-segregated from production systems. Test traffic must not leak beyond isolated networks
- Destructive testing is prohibited without explicit authorization
- Adhere to Coordinated Disclosure principles
- Vulnerability details must remain confidential until public disclosure

> Security researchers will be acknowledged in project credits based on contribution significance