Skip to content

Security: sevoniva/.github

Security

SECURITY.md

Security

Sevoniva maintains several public repositories for data platforms and engineering tools. Security reports should be handled privately first.

Reporting a vulnerability

  • Do not publish exploit details in a public issue.
  • Use GitHub private vulnerability reporting when it is available on the affected repository.
  • If private reporting is not available, contact the maintainer through the public GitHub profile and coordinate a private channel before sharing details.

What to include

  • Affected repository and version or commit.
  • Steps to reproduce.
  • Impact and affected data or permissions.
  • Any known workaround.

中文

Sevoniva 维护多个数据平台和工程工具相关公开仓库。安全问题应先通过私密渠道处理。

报告安全问题时:

  • 不要在公开 issue 中发布漏洞细节或利用方式。
  • 如果相关仓库已开启 GitHub private vulnerability reporting,请优先使用该入口。
  • 如果没有私密报告入口,请先通过维护者的公开 GitHub 主页联系,确认私密沟通渠道后再提供细节。

建议包含:

  • 受影响的仓库、版本或 commit。
  • 复现步骤。
  • 影响范围,以及可能涉及的数据或权限。
  • 已知临时规避方案。

There aren't any published security advisories