# Security Policy

## Vulnerability Reporting

If you discover a security vulnerability in FastGPT, please follow the steps below to report it:

1. **How to Report**
   You can submit a report at https://github.com/labring/FastGPT/security/advisories.

2. **Response Time**
   - We will acknowledge receipt of your report within 48 hours.
   - An initial assessment will generally be provided within 3 business days.

3. **Vulnerability Handling Process**
   - **Confirmation**: We will verify the existence and scope of impact of the vulnerability.
   - **Fix Development**: A fix will be developed for confirmed vulnerabilities.
   - **Release**: Security patches will be released in the next version update.
   - **Public Disclosure**: After the fix is complete, relevant information will be published in the changelog.

4. **Important Notes**
   - Please do not publicly disclose vulnerability details before a fix has been released.
   - We welcome responsible vulnerability disclosure.
   - Significant contributors will be acknowledged in the project's credits.

Thank you for contributing to the security of FastGPT!