我们非常重视安全问题。如果您发现了安全漏洞，请不要公开报告，而是通过以下方式私下报告：

We take security issues very seriously. If you discover a security vulnerability, please do not report it publicly. Instead, please report it privately through the following methods:

• 邮箱: z_zz@u.nus.edu
• 主题: [SECURITY] 安全漏洞报告 / Security Vulnerability Report
• 响应时间: 24小时内 / Response Time: Within 24 hours

• GitHub Issues: 使用 security 标签 / Use security label
• 邮箱: z_zz@u.nus.edu
• 响应时间: 72小时内 / Response Time: Within 72 hours

请包含以下信息：/ Please include the following information:

• 漏洞类型: 描述漏洞的性质 / Vulnerability Type: Describe the nature of the vulnerability
• 影响范围: 说明漏洞可能造成的影响 / Impact Scope: Explain the potential impact of the vulnerability
• 复现步骤: 详细描述如何复现漏洞 / Reproduction Steps: Detailed description of how to reproduce the vulnerability

• 受影响的组件: 列出受影响的代码或功能 / Affected Components: List affected code or functionality
• 环境信息: 操作系统、浏览器版本等 / Environment Info: OS, browser version, etc.
• 错误日志: 相关的错误信息或日志 / Error Logs: Relevant error messages or logs

• 修复建议: 如果您有修复建议，请提供 / Fix Suggestions: If you have fix suggestions, please provide
• 临时缓解: 临时解决方案（如有） / Temporary Mitigation: Temporary solutions (if any)

• 确认收到漏洞报告 / Acknowledge receipt of vulnerability report
• 评估漏洞的严重性 / Assess severity of vulnerability
• 确定响应优先级 / Determine response priority

• 技术团队分析漏洞 / Technical team analyzes vulnerability
• 评估潜在影响 / Assess potential impact
• 制定修复计划 / Develop fix plan

• 开发安全修复 / Develop security fix
• 测试修复效果 / Test fix effectiveness
• 发布安全更新 / Release security update

• 发布安全公告 / Publish security advisory
• 致谢报告者 / Acknowledge reporter
• 更新安全策略 / Update security policy

• 遵循安全编码规范 / Follow secure coding practices
• 定期更新依赖包 / Regularly update dependencies
• 使用安全的开发工具 / Use secure development tools
• 进行代码安全审查 / Conduct code security reviews

• 及时更新到最新版本 / Update to latest version promptly
• 报告可疑的安全问题 / Report suspicious security issues
• 遵循安全使用指南 / Follow security usage guidelines
• 保护个人隐私信息 / Protect personal privacy information

• 紧急修复: 发现后立即发布 / Emergency Fixes: Released immediately upon discovery
• 重要修复: 1-2周内发布 / Important Fixes: Released within 1-2 weeks
• 常规修复: 月度发布 / Regular Fixes: Monthly releases

• GitHub Releases 页面 / GitHub Releases page
• 项目状态更新 / Project status updates
• 邮件通知（重要安全更新）/ Email notifications (for critical security updates)

• 邮箱: z_zz@u.nus.edu
• 响应时间: 工作日24小时内 / Response Time: Within 24 hours on weekdays

• GitHub Issues: 安全相关问题
• 标签: 使用 security 标签 / Use security label

我们感谢所有负责任地报告安全漏洞的研究者和贡献者。您的贡献帮助我们保持项目的安全性。

We thank all researchers and contributors who responsibly report security vulnerabilities. Your contributions help us maintain the security of the project.

注意: 本安全策略旨在保护项目用户和贡献者的安全。我们承诺及时响应和处理所有安全问题。 Note: This security policy is designed to protect the security of project users and contributors. We are committed to responding to and handling all security issues in a timely manner.