You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Security support status for currently maintained versions:
| Version | Support Status |
|---------|-----------------------|
| 2.x | ✅ Actively Maintained |
| 1.x | ❌ End of Life |
## Vulnerability Reporting
### Submit Vulnerability
Please submit reports via [GitHub Security Advisory](https://github.com/0xJacky/nginx-ui/security/advisories/new) with:
- Affected version(s)
- Detailed vulnerability description
- Reproducible PoC (Proof of Concept)
- Environment configuration details
### Handling Process
- Valid reports will be tracked through private advisory channels
- Within 21-31 days after remediation:
- Request CVE identifier from numbering authorities
- Publish technical details on GitHub Advisory
- Update Release Notes with impact assessment
### Requirements
-**Testing Restrictions**: All security validation must be conducted in locally built isolated environments. Online demo systems are strictly prohibited for testing purposes
-**Environment Isolation**: Testing environments must be network-segregated from production systems. Test traffic must not leak beyond isolated networks
- Destructive testing is prohibited without explicit authorization
- Adhere to Coordinated Disclosure principles
- Vulnerability details must remain confidential until public disclosure
> Security researchers will be acknowledged in project credits based on contribution significance
