| Version | Supported |
|---|---|
| all support | Yes |

We take security seriously. If you find a security issue in Deck, please report it privately using the process below.

Please do not:

- Open a public GitHub issue for security reports.
- Disclose the issue publicly before a fix is released.
- Attempt to exploit the issue.

To report an issue:

- Email yuzeguitar@gmail.com with:
  - A clear description of the issue
  - Steps to reproduce
  - Potential impact
  - Suggested fix (optional)
- Use a clear subject line, for example: "Security Vulnerability in Deck"
- Allow up to 48 hours for our first response.

After you report:

- Acknowledgment: We confirm receipt within 48 hours.
- Assessment: We evaluate impact and severity.
- Fix: We develop and test a patch.
- Release: We ship a fixed version.
- Disclosure: After release, we may publicly acknowledge the report and credit you (if you want).

In scope:

- Deck macOS application
- Data handling and storage mechanisms

Out of scope:

- Social engineering attacks
- Physical attacks
- Denial-of-service attacks
- Vulnerabilities in third-party dependencies (please report to the dependency maintainer)

Recommendations for users:

- Download Deck only from official sources (GitHub Releases or our official website).
- Verify SHA256 checksums before installation.
- Keep Deck updated to the latest version.
- Grant only the permissions Deck actually needs.
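
| Version | Support status |
|---|---|
| all support | Supported |

We take security issues very seriously. If you discover a security vulnerability in Deck, please submit it privately using the process below.

Please do not:

- Submit security vulnerabilities through a public GitHub issue
- Publicly disclose the vulnerability before a fix is released
- Actively exploit the vulnerability for testing or attack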
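
To report an issue:

- Send an email to yuzeguitar@gmail.com and include as much of the following as you can:
  - A clear description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (optional)
- Suggested email subject: "Deck Security Vulnerability"
- We will send a first response within 48 hours; please be patient.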
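
After you report:

- Acknowledgment: We confirm receipt of the report within 48 hours
- Risk assessment: We evaluate the scope of impact and the severity
- Fix and verification: We develop and test a fix
- Release: We ship a version that contains the fix
- Public disclosure: After the fix is released, we may publish a statement and thank the reporter (if they wish)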
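
In scope:

- Deck macOS application
- Data handling and storage mechanisms

Out of scope:

- Social engineering attacks
- Physical attacks
- Denial-of-service (DoS) attacks
- Vulnerabilities in third-party dependencies (please contact the relevant maintainer directly)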
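
Recommendations for users:

- Download Deck only from official channels (GitHub Releases or the official website).
- Verify SHA256 checksums before installation.
- Keep Deck on the latest version.
- Grant Deck only the permissions it needs.

Thank you for helping us keep Deck and its users safe.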