Skip to content

Security: openDreamStudioResearch/openSupplyWaterAnalyse

Security

SECURITY.md

Security Policy / 安全策略

English

Supported scope

Security reports are welcome for:

  • file upload and parsing flows
  • export and report generation endpoints
  • authentication or authorization issues if introduced later
  • remote code execution, path traversal, or arbitrary file access risks

Reporting

Please do not open a public issue for suspected security vulnerabilities.

Instead, contact the maintainers privately and include:

  • affected endpoint or module
  • reproduction steps
  • impact assessment
  • logs, screenshots, or sample files if relevant

Response goals

  • acknowledge receipt as soon as possible
  • validate and triage the report
  • prepare a fix or mitigation
  • disclose publicly after a fix is available when appropriate

中文

受理范围

欢迎反馈以下安全问题:

  • 文件上传与解析链路
  • 导出与报表生成接口
  • 后续如引入认证授权后的相关问题
  • 远程代码执行、路径穿越、任意文件访问等风险

报告方式

怀疑存在安全漏洞时,请不要直接公开提交 issue。

请私下联系维护者,并尽量提供:

  • 受影响的接口或模块
  • 复现步骤
  • 影响范围判断
  • 相关日志、截图或样例文件

处理目标

  • 尽快确认已收到报告
  • 复核并分级问题
  • 准备修复或缓解方案
  • 在适当情况下于修复后再公开披露

There aren't any published security advisories