| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |

We take security seriously. If you discover a security vulnerability within Deck, please follow these steps.

Please do not:
- Open a public GitHub issue
- Disclose the vulnerability publicly before it's fixed
- Exploit the vulnerability

Instead:
1. Email us directly at [email protected] with:
   - Description of the vulnerability
   - Steps to reproduce
   - Potential impact
   - Any suggested fixes (optional)
2. Use a descriptive subject line like "Security Vulnerability in Deck"
3. Allow time for response - We aim to respond within 48 hours

What to expect after you report:
- Acknowledgment: We'll confirm receipt within 48 hours
- Assessment: We'll assess the vulnerability and determine severity
- Fix Development: We'll develop and test a fix
- Release: We'll release a patched version
- Disclosure: After the fix is released, we'll publicly acknowledge the vulnerability and credit you (if desired)

The following are in scope:
- Deck macOS application
- Any data handling or storage mechanisms
- Authentication/authorization (for Pro features)

The following are out of scope:
- Social engineering attacks
- Physical attacks
- Denial of service attacks
- Issues in dependencies (report to the dependency maintainer)

Security recommendations for users:
- Download from official sources only - GitHub Releases or our website
- Verify checksums - Check SHA256 checksums before installing
- Keep Deck updated - Install security updates promptly
- Review permissions - Only grant necessary permissions

Thank you for helping keep Deck and its users safe!