diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..dd6d108 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +If you find a security vulnerability in any Commit Check project, please report it privately. + +## Reporting a Vulnerability + +**Do not open a public GitHub issue.** Instead, send an email to: + +**[xianpeng.shen@gmail.com](mailto:xianpeng.shen@gmail.com)** + +Please include: + +- Which project and version is affected +- A description of the issue and its impact +- Steps to reproduce (or a proof of concept) + +You will receive an acknowledgment within 48 hours, followed by a plan for resolution. + +## Supported Versions + +Only the latest release of each project receives security patches. Please keep your dependencies up to date.
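Review bot: The "Reporting a Vulnerability" section makes one personal Gmail address the only private channel, so every report depends on a single mailbox and the policy offers no way to send details confidentially. Consider adding a second contact or a project alias, and either publishing a PGP key or pointing reporters to GitHub's private vulnerability reporting on the repository, since the text already says "Do not open a public GitHub issue." The line "followed by a plan for resolution" gives a 48-hour acknowledgment but no expectation for when a fix or coordinated disclosure happens; stating a target window would tell reporters how long to hold details. Under "Supported Versions", "each project" is not enumerated, so a reporter cannot tell which repositories the policy covers; a short list or a link to the organization's projects would close that gap.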