If you discover a potential security vulnerability in WFGY, please report it responsibly:
- Email: [email protected] (subject: “[WFGY Security]”)
- Telegram: Message @PSBigBig with subject “[WFGY Security]” (avoid posting sensitive details in public chats).
- GitHub Private Issue: If private issues are enabled, open a private issue titled “[Security] WFGY Vulnerability”.
Please do not disclose detailed vulnerability information in public issue or forum posts to prevent exploitation before a fix is released.
Maintainers will respond within 1–2 business days to acknowledge receipt and discuss next steps.
- Upon receiving a report, maintainers will confirm and follow up with you privately.
- A fix will be prepared and released in a new version; the Release Notes will describe the security fix.
- If applicable, maintainers will assist with assigning a CVE and coordinate disclosure timing.
- Detail which versions are supported with security fixes. Example:
- “Security fixes will be backported to the latest minor release branch for versions >= 1.0.”
- If you only support the latest release, state that clearly.
- Email: [email protected]
- Telegram: @PSBigBig
- GitHub Advisory: https://github.com/onestardao/WFGY/security/advisories (enable this if desired)