mirror of
https://github.com/langgenius/dify.git
synced 2026-06-08 00:41:55 +08:00
28 lines
1.1 KiB
Markdown
28 lines
1.1 KiB
Markdown
# Security Policy
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
If you believe you have found a security vulnerability in Dify, please report it privately through GitHub Security Advisories:
|
|
|
|
https://github.com/langgenius/dify/security/advisories/new
|
|
|
|
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
|
|
|
|
When submitting a report, include as much relevant information as you can safely provide, such as:
|
|
|
|
- A description of the vulnerability
|
|
- Steps to reproduce, if safe to share privately
|
|
- Affected components, versions, or configurations
|
|
- Potential impact
|
|
- Any suggested mitigation or fix, if available
|
|
|
|
The maintainers will review reports submitted through GitHub Security Advisories and coordinate follow-up there.
|
|
|
|
## Public Disclosure
|
|
|
|
Please avoid publicly disclosing details of a vulnerability until it has been reviewed and, where appropriate, a fix or mitigation has been made available.
|
|
|
|
## Security Updates
|
|
|
|
Security fixes may be released through normal project releases or other appropriate channels. Users are encouraged to keep Dify deployments up to date.
|