You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
# Security Policy
## Supported versions
Only the latest minor version receives security fixes.
| Version | Supported |
| ------- | ------------------ |
| 0.5.x | ✅ |
| < 0.5 | ❌ |
## Reporting a vulnerability
**Please do NOT open a public issue for security problems.**
Use [GitHub's private vulnerability reporting](https://github.com/zhenyu666-debug/xiaohongshu-Loop/security/advisories/new):
1. Go to the "Security" tab
2. Click "Advisories" -> "New draft security advisory"
3. Fill in:
- **Title**: short summary
- **Description**: affected component, impact, reproduction
- **Severity**: critical / high / medium / low (your best estimate)
4. Submit
We will acknowledge within 48 hours and provide a fix timeline.
## What we consider a vulnerability
- Remote code execution via the dashboard / API
- Cookie / session leakage across accounts
- SQL / NoSQL injection
- Path traversal in file uploads / downloads
- SSRF in any of the proxying layers
- Supply chain: malicious dependency in `requirements*.txt`
## What we do NOT consider a vulnerability
- Detection by xiaohongshu / other platforms' anti-bot (use a different account)
- Cookie expiration / rotation issues
- Performance issues (open a regular issue)
- Anything that requires the user to provide their own cookies
## Disclosure policy
- We follow **coordinated disclosure**: 90 days from report to public fix
- Critical issues may be fixed faster
- We credit reporters in the release notes (unless you ask to stay anonymous)