add some tips

.github/SECURITY.md

@@ -0,0 +1,34 @@
+# 安全漏洞披露政策 / Security Policy
+
+## 支持的版本 / Supported Versions
+
+| Version | Supported          |
+|---------|--------------------|
+| latest  | ✅                 |
+| < latest | ❌                |
+
+## 报告安全漏洞 / Reporting a Vulnerability
+
+如果您发现了安全漏洞，**请不要通过公开 Issue 报告**。
+
+请发送邮件至项目维护者，包含以下信息：
+
+1. 漏洞描述
+2. 复现步骤
+3. 受影响的版本
+4. 可能的影响范围
+
+我们会在 48 小时内确认收到并开始处理。
+
+---
+
+If you discover a security vulnerability, **please do NOT open a public issue**.
+
+Instead, email the project maintainer with the following details:
+
+1. Description of the vulnerability
+2. Steps to reproduce
+3. Affected versions
+4. Potential impact
+
+We will acknowledge receipt within 48 hours and begin working on a fix.