We take security issues seriously. If you discover a security vulnerability, please follow the process below to report it.
We only provide security updates for the latest major version:
| Version | Support Status |
|---|---|
| Latest | ✅ Supported |
| Older versions | ❌ Not Supported |
We recommend users always use the latest version for optimal security.
Please do not report security vulnerabilities through public GitHub Issues. Public disclosure could allow malicious users to exploit the vulnerability before a fix is released.
Please report security issues privately through:
- GitHub Security Advisories (Recommended)
  - Visit the "Security" tab of the relevant repository
  - Click "Report a vulnerability"
- Email
  - Send an email to the maintainers (find contact info in the organization profile)
  - Include `[SECURITY]` in the subject line
Please include the following information in your report:
- Vulnerability type - e.g., XSS, information disclosure, privilege escalation
- Affected versions - Which versions are affected
- Reproduction steps - Detailed steps to reproduce
- Impact scope - Potential impact of the vulnerability
- Possible fix - If you have suggestions
We will respond to security reports as quickly as possible:
| Stage | Expected Time |
|---|---|
| Initial Response | Within 48 hours |
| Issue Confirmation | Within 7 days |
| Fix Release | Depending on severity, typically 14-30 days |
We appreciate all researchers who responsibly report security issues. After the vulnerability is fixed (with your consent), we will:
- Credit you in release notes
- Mention your contribution in security advisories
As a user, you can take these measures to protect yourself:
- Stay Updated - Always use the latest version of plugins
- Trusted Sources - Only install plugins from official channels
- Regular Backups - Regularly back up your Obsidian Vault
- Review Permissions - Pay attention to permissions requested by plugins
Security issue? Please contact us privately 🔐