Northern_Lights/cherry-studio
1
0
Fork 0
mirror of https://github.com/CherryHQ/cherry-studio.git synced 2025-12-19 06:30:10 +08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Create SECURITY.md (#8158)

Browse Source
This commit is contained in:
2h0ng 2025-07-16 18:53:05 -07:00 committed by GitHub
parent 3cd1dece52
commit ff0994e1c7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 64 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
SECURITY.md Normal file
View File

@ -0,0 +1,64 @@
# Security Policy
## 📢 Reporting a Vulnerability
At Cherry Studio, we take security seriously and appreciate your efforts to responsibly disclose vulnerabilities. If you discover a security issue, please report it as soon as possible.
**Please do not create public issues for security-related reports.**
- Contact us directly via **security@cherry-ai.com**.
- Include a detailed description of the issue, steps to reproduce, potential impact, and any possible mitigations.
- If applicable, please also attach proof-of-concept code or screenshots.
We will acknowledge your report within **72 hours** and provide a status update as we investigate.
---
## 🔒 Supported Versions
We aim to support the latest released version and one previous minor release.
| Version | Supported |
|-----------------|--------------------|
| Latest (`main`) | ✅ Supported |
| Previous minor | ✅ Supported |
| Older versions | ❌ Not supported |
If you are using an unsupported version, we strongly recommend updating to the latest release to receive security fixes.
---
## 💡 Security Measures
Cherry Studio integrates several security best practices, including:
- Strict dependency updates and regular vulnerability scanning.
- TypeScript strict mode and linting to reduce potential injection or runtime issues.
- Enforced code formatting and pre-commit hooks.
- Internal security reviews before releases.
- Dedicated MCP (Model Context Protocol) safeguards for model interactions and data privacy.
---
## 🛡️ Disclosure Policy
- We follow a **coordinated disclosure** approach.
- We will not publicly disclose vulnerabilities until a fix has been developed and released.
- Credit will be given to researchers who responsibly disclose vulnerabilities, if requested.
---
## 🤝 Acknowledgements
We greatly appreciate contributions from the security community and strive to recognize all researchers who help keep Cherry Studio safe.
---
## 🌟 Questions?
For any security-related questions not involving vulnerabilities, please reach out to:
**security@cherry-ai.com**
---
Thank you for helping keep Cherry Studio and its users secure!