Security: acacMAX/accil

Security Policy

Supported Versions

Version Supported
1.3.x
1.2.x
1.1.x
1.0.x
0.1.x

Current release: v1.3.5

Reporting a Vulnerability

We take the security of ACCIL seriously. If you believe you have found a security vulnerability, please report it to us as described below.

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, please report them via email to acac74151@gmail.com.

You should receive a response within 7×24 hours. If for some reason you do not, please follow up via email to ensure we received your original message.

Please include the following information:

  • Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
  • Full paths of source file(s) related to the manifestation of the issue
  • The location of the affected source code (tag/branch/commit or direct URL)
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue, including how an attacker might exploit it

Preferred Languages

We prefer all communications to be in English or Chinese.

Disclosure Policy

When we receive a security bug report, we will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps:

  1. Confirm the problem and determine the affected versions
  2. Audit code to find any potential similar problems
  3. Prepare fixes for all supported versions
  4. Release new versions and update the changelog

Comments on this Policy

If you have suggestions on how this process could be improved, please submit a pull request.


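Security Policy

Supported Versions

Version Supported
1.3.x
1.2.x
1.1.x
1.0.x
0.1.x

Current release: v1.3.5

Reporting a Vulnerability

We take security issues in ACCIL seriously. If you find a security vulnerability, please report it as described below.

Please do not report security vulnerabilities through public GitHub Issues.

Please send them by email to acac74151@gmail.com

You should receive a reply within 7×24 hours. If for some reason you do not, please follow up by email to make sure we received your original message.

Please include the following information:

  • Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
  • Full paths of the source files related to the manifestation of the issue
  • The location of the affected source code (tag/branch/commit or direct URL)
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue, including how an attacker might exploit it

Preferred Languages

We prefer to use English or Chinese for all communications.

Disclosure Policy

When we receive a security bug report, we assign it to a primary handler. This person coordinates the fix and release process, which includes the following steps:

  1. Confirm the problem and determine the affected versions
  2. Audit the code to find any potential similar problems
  3. Prepare fixes for all supported versions
  4. Release new versions and update the changelog

Comments on this Policy

If you have suggestions on how to improve this process, please submit a Pull Request.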

There aren’t any published security advisories