DroidGit takes the security of our software and the privacy of our users seriously. This document outlines our security policy and how to report vulnerabilities.
We currently support the following versions of DroidGit with security updates:

| Version | Supported |
|---|---|
| v0.0.x | ✅ |
| < v0.0.1 | ❌ |

We recommend always using the latest version of DroidGit to ensure you have the most recent security patches and features.
If you discover a security vulnerability within DroidGit, please report it to us as soon as possible. We appreciate your help in keeping DroidGit secure.
To report a vulnerability, please use one of the following methods:
- GitHub Security Advisories: You can report vulnerabilities privately through the GitHub Security Advisory feature. This is the preferred method as it allows for private communication and coordinated disclosure.
- Email: If you are unable to use GitHub Security Advisories, you can contact the maintainer directly. (Note: please check the project's GitHub profile for preferred contact methods if they are not listed here.)
When reporting a vulnerability, please provide the following details to help us understand and resolve the issue:
- Description: A clear and detailed description of the vulnerability.
- Impact: What could an attacker achieve by exploiting this vulnerability?
- Steps to Reproduce: Detailed steps, including any necessary configuration or code snippets, to reproduce the issue.
- Environment: The version of DroidGit, Android version, and any other relevant environment details.
- Proof of Concept (Optional): If available, provide a PoC to demonstrate the exploit.
Once a vulnerability is reported:
- Acknowledgment: We will acknowledge receipt of your report within 48-72 hours.
- Investigation: We will investigate the issue and determine its impact and severity.
- Fix and Disclosure: If confirmed, we will work on a fix. We follow a coordinated disclosure process and will release the fix along with a security advisory once it is ready.
- Credit: We are happy to credit the discoverer in our security advisories and release notes, unless requested otherwise.