mirror of
https://github.com/toeverything/AFFiNE.git
synced 2024-11-23 15:12:28 +03:00
30 lines
1.5 KiB
Markdown
30 lines
1.5 KiB
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
We recommend users to always use the latest major version. Security updates will be provided for the current major version until the next major version is released.
|
|
|
|
| Version | Supported |
|
|
| --------------- | ------------------ |
|
|
| 0.17.x (stable) | :white_check_mark: |
|
|
| < 0.17.x | :x: |
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
We welcome you to provide us with bug reports via and email at [security@toeverything.info](mailto:security@toeverything.info). We expect your report to contain at least the following for us to evaluate and reproduce:
|
|
|
|
1. Using platform and version, for example:
|
|
|
|
- macos arm64 0.12.0-canary-202402220729-0868ac6
|
|
- app.affine.pro 0.12.0-canary-202402220729-0868ac6
|
|
|
|
2. A sets of video or screenshot containing the reproduce steps that proves you successfully exploited the vulnerability, preferably including the time and software version of the successful exploit.
|
|
|
|
3. Your classification or analysis of the vulnerability (optional)
|
|
|
|
Since we are an open source project, we also welcome you to provide corresponding fix PRs.
|
|
|
|
We will provide bounties for vulnerabilities involving user information leakage, permission leakage, and unauthorized code execution. For other types of vulnerabilities, we will determine specific rewards based on the evaluation results.
|
|
|
|
If the vulnerability is caused by a library we depend on, we encourage you to submit a security report to the corresponding dependent library at the same time to benefit more users.
|