From 26b6b1044b0253c5ead7d5a90eaa10ff67ac2582 Mon Sep 17 00:00:00 2001 From: Aaron Liu Date: Sat, 6 Jun 2026 11:28:13 +0800 Subject: [PATCH] doc: update security policy --- SECURITY.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index ff390bab..ce498343 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,11 +2,13 @@ ## Supported Versions -* For security issues with high-impacts (e.g. related to payments or user permission), we support 3.8.x and all 4.x version. But the fix for 4.x will released only in latest sub-version. -* For all other security issues, we mainly support version >= 4.x (in which `x` is the latest stable sub-version). +* For security issues with high impact (e.g. related to payments or user permissions), we support 3.8.x and all 4.x versions. Fixes for 4.x will be released only in the latest sub-version. +* For all other security issues, we mainly support versions >= 4.x (where `x` is the latest stable sub-version). ## Reporting a Vulnerability -Please send the details about the security issue to `support@cloudreve.org`. Once the vulnerability is comfirmed or fixed, you will get updates from the email thread. +Please report security vulnerabilities privately through GitHub's [Security Advisories](https://github.com/cloudreve/Cloudreve/security/advisories/new) by opening a new draft advisory in this repository. -We will reward you with bounty/swag for success submission of securty issues. +Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests. + +Once the vulnerability is confirmed or fixed, you will receive updates through the advisory thread.