Thank you for helping keep Kun and its users safe.
Security fixes are generally applied to the latest maintained code on the default branch and to the latest published release when practical. Older versions may not receive patches.
Please do not open public GitHub issues for security-sensitive bugs.
Instead, report vulnerabilities privately through one of these channels:
- email: zhongxingyuemail@gmail.com
- GitHub Security Advisories: use the repository's private vulnerability reporting flow if enabled
When possible, include:
- a clear description of the issue
- affected version, commit, or release tag
- reproduction steps or proof of concept
- impact assessment
- any suggested mitigation
We aim to:
- acknowledge new reports within 3 business days
- confirm whether the issue is in scope
- keep the reporter informed as triage progresses
- publish a fix or mitigation as quickly as responsibly possible
Please report issues such as:
- remote code execution or privilege escalation
- unsafe file access or sandbox bypass
- credential, token, or secret leakage
- updater, packaging, or release integrity weaknesses
- vulnerabilities in bundled local services or integration paths
Please avoid public disclosure until a fix or mitigation is available and maintainers have had reasonable time to respond.