WFGY/SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a potential security vulnerability in WFGY, please report it responsibly:

1. Email: hello@onestardao.com (subject: “[WFGY Security]”)
2. Telegram: Message @PSBigBig with subject “[WFGY Security]” (avoid posting sensitive details in public chats).
3. GitHub Private Issue: If private issues are enabled, open a private issue titled “[Security] WFGY Vulnerability”.
   Please do not disclose detailed vulnerability information in public issue or forum posts to prevent exploitation before a fix is released.

Maintainers will respond within 1–2 business days to acknowledge receipt and discuss next steps.

Response Process

• Upon receiving a report, maintainers will confirm and follow up with you privately.
• A fix will be prepared and released in a new version; the Release Notes will describe the security fix.
• If applicable, maintainers will assist with assigning a CVE and coordinate disclosure timing.

Supported Versions

• Detail which versions are supported with security fixes. Example:
  • “Security fixes will be backported to the latest minor release branch for versions >= 1.0.”
• If you only support the latest release, state that clearly.

Contact

• Email: hello@onestardao.com
• Telegram: @PSBigBig
• GitHub Advisory: https://github.com/onestardao/WFGY/security/advisories (enable this if desired)