Security reports are welcome for:
- file upload and parsing flows
- export and report generation endpoints
- authentication or authorization issues if introduced later
- remote code execution, path traversal, or arbitrary file access risks
Please do not open a public issue for suspected security vulnerabilities.
Instead, contact the maintainers privately and include:
- affected endpoint or module
- reproduction steps
- impact assessment
- logs, screenshots, or sample files if relevant
- acknowledge receipt as soon as possible
- validate and triage the report
- prepare a fix or mitigation
- disclose publicly after a fix is available when appropriate
欢迎反馈以下安全问题:
- 文件上传与解析链路
- 导出与报表生成接口
- 后续如引入认证授权后的相关问题
- 远程代码执行、路径穿越、任意文件访问等风险
怀疑存在安全漏洞时,请不要直接公开提交 issue。
请私下联系维护者,并尽量提供:
- 受影响的接口或模块
- 复现步骤
- 影响范围判断
- 相关日志、截图或样例文件
- 尽快确认已收到报告
- 复核并分级问题
- 准备修复或缓解方案
- 在适当情况下于修复后再公开披露