Sevoniva maintains several public repositories for data platforms and engineering tools. Security reports should be handled privately first.
- Do not publish exploit details in a public issue.
- Use GitHub private vulnerability reporting when it is available on the affected repository.
- If private reporting is not available, contact the maintainer through the public GitHub profile and coordinate a private channel before sharing details.
- Affected repository and version or commit.
- Steps to reproduce.
- Impact and affected data or permissions.
- Any known workaround.
Sevoniva 维护多个数据平台和工程工具相关公开仓库。安全问题应先通过私密渠道处理。
报告安全问题时:
- 不要在公开 issue 中发布漏洞细节或利用方式。
- 如果相关仓库已开启 GitHub private vulnerability reporting,请优先使用该入口。
- 如果没有私密报告入口,请先通过维护者的公开 GitHub 主页联系,确认私密沟通渠道后再提供细节。
建议包含:
- 受影响的仓库、版本或 commit。
- 复现步骤。
- 影响范围,以及可能涉及的数据或权限。
- 已知临时规避方案。