Security: coseto6125/egent-code-plexus

.github/SECURITY.md

Security Policy

Supported Versions

Security fixes are provided for the latest released version.

Reporting a Vulnerability

Preferred channel — GitHub private vulnerability reporting: https://github.com/coseto6125/egent-code-plexus/security/advisories/new

If GitHub private vulnerability reporting is unavailable, open a minimal public issue stating a security contact is needed, without including exploit details.

Reports should include:

  • Affected version or commit
  • Steps to reproduce
  • Expected and observed impact
  • Any known workaround

Disclosure Timeline

  • Acknowledge receipt within 7 days.

  • Provide an initial assessment within 30 days.

  • Coordinate a fix and publish a private advisory; public disclosure follows the advisory release, typically within 90 days of the initial report.

There aren't any published security advisories