Skip to content

Security: zhenyu666-debug/xiaohongshu-Loop

Security

SECURITY.md

# Security Policy ## Supported versions Only the latest minor version receives security fixes. | Version | Supported | | ------- | ------------------ | | 0.5.x | ✅ | | < 0.5 | ❌ | ## Reporting a vulnerability **Please do NOT open a public issue for security problems.** Use [GitHub's private vulnerability reporting](https://github.com/zhenyu666-debug/xiaohongshu-Loop/security/advisories/new): 1. Go to the "Security" tab 2. Click "Advisories" -> "New draft security advisory" 3. Fill in: - **Title**: short summary - **Description**: affected component, impact, reproduction - **Severity**: critical / high / medium / low (your best estimate) 4. Submit We will acknowledge within 48 hours and provide a fix timeline. ## What we consider a vulnerability - Remote code execution via the dashboard / API - Cookie / session leakage across accounts - SQL / NoSQL injection - Path traversal in file uploads / downloads - SSRF in any of the proxying layers - Supply chain: malicious dependency in `requirements*.txt` ## What we do NOT consider a vulnerability - Detection by xiaohongshu / other platforms' anti-bot (use a different account) - Cookie expiration / rotation issues - Performance issues (open a regular issue) - Anything that requires the user to provide their own cookies ## Disclosure policy - We follow **coordinated disclosure**: 90 days from report to public fix - Critical issues may be fixed faster - We credit reporters in the release notes (unless you ask to stay anonymous)

There aren't any published security advisories