If you discover a potential security issue in this project, or believe you may have found one, please notify the ByteDance security team through our security center or vulnerability reporting email. Please do not create public GitHub Issues.
We will assess the vulnerability based on the Common Vulnerability Scoring System (CVSS 3.1). The security team will keep you updated on key progress and may request further information or guidance from you. You are welcome to contact us via the email or website mentioned above to ask questions or discuss disclosure matters.
To protect the security of our customers, ByteDance requests that you do not publish or share information regarding the vulnerability in any public forum, nor publish or share data involving users, until the vulnerability has been remediated and our users have been notified. Please understand that the time required for remediation depends on the severity of the vulnerability and the scope of the impact.
Individuals, companies, and security teams may wish to publish security advisories on their own websites or other forums. Please contact us via the email or website mentioned above prior to publication to discuss the information that can be disclosed and to coordinate the disclosure timeline.
For the bug bounty reward policy, see the ByteDance Security Response Center Security Report Handling Rules V6.0. If you have any questions about the rules, please contact us at https://src.bytedance.com/home.