Northern_Lights/cherry-studio
1
0
Fork 0
mirror of https://github.com/CherryHQ/cherry-studio.git synced 2025-12-19 06:30:10 +08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
4a4d861592
cherry-studio/SECURITY.md
fullex 4a4d861592
docs: Update SECURITY.md 
change email report to Security page report
2025-07-17 23:00:14 +08:00

2.3 KiB
Raw Blame History

Security Policy

📢 Reporting a Vulnerability

At Cherry Studio, we take security seriously and appreciate your efforts to responsibly disclose vulnerabilities. If you discover a security issue, please report it as soon as possible.

Please do not create public issues for security-related reports.

  • To report a security issue, please use the GitHub Security Advisories tab to "Open a draft security advisory".
  • Include a detailed description of the issue, steps to reproduce, potential impact, and any possible mitigations.
  • If applicable, please also attach proof-of-concept code or screenshots.

We will acknowledge your report within 72 hours and provide a status update as we investigate.

🔒 Supported Versions

We aim to support the latest released version and one previous minor release.

Version Supported
Latest (main) Supported
Previous minor Supported
Older versions Not supported

If you are using an unsupported version, we strongly recommend updating to the latest release to receive security fixes.

💡 Security Measures

Cherry Studio integrates several security best practices, including:

  • Strict dependency updates and regular vulnerability scanning.
  • TypeScript strict mode and linting to reduce potential injection or runtime issues.
  • Enforced code formatting and pre-commit hooks.
  • Internal security reviews before releases.
  • Dedicated MCP (Model Context Protocol) safeguards for model interactions and data privacy.

🛡️ Disclosure Policy

  • We follow a coordinated disclosure approach.
  • We will not publicly disclose vulnerabilities until a fix has been developed and released.
  • Credit will be given to researchers who responsibly disclose vulnerabilities, if requested.

🤝 Acknowledgements

We greatly appreciate contributions from the security community and strive to recognize all researchers who help keep Cherry Studio safe.

🌟 Questions?

For any security-related questions not involving vulnerabilities, please reach out to:
security@cherry-ai.com

Thank you for helping keep Cherry Studio and its users secure!