The main branch is the actively supported branch.

当前主要维护的分支是 main。

Please do not open a public issue for a security vulnerability.

安全漏洞请不要通过公开 issue 提交。

Report privately with:

• affected component
• reproduction steps
• impact assessment
• suggested mitigation if available

私下报告时请尽量附上：

• 受影响组件
• 复现步骤
• 影响评估
• 可选的缓解建议

Until a dedicated mailbox is published, use GitHub Security Advisories for the repository.

在专门安全邮箱上线之前，请优先使用仓库的 GitHub Security Advisories。

1. Triage and acknowledgement.

2. Reproduce and validate impact.

3. Prepare and review the patch.

4. Coordinate disclosure and release notes.

5. 分级与确认。

6. 复现并验证影响范围。

7. 准备补丁并完成评审。

8. 协调披露与发布说明。