From 328176bca291f83d58eba8ddedfd8ad200feadb8 Mon Sep 17 00:00:00 2001 
From: W1y1r <2730956796@qq.com> Date: Mon, 13 Oct 2025 18:01:46 +0800 Subject: [PATCH] Supplementary vulnerability issue report document --- src/.vuepress/sidebar_timecho/V1.3.x/en.ts | 1 + src/.vuepress/sidebar_timecho/V1.3.x/zh.ts | 1 + .../sidebar_timecho/V2.0.x/en-Table.ts | 1 + .../sidebar_timecho/V2.0.x/en-Tree.ts | 1 + .../sidebar_timecho/V2.0.x/zh-Table.ts | 1 + .../sidebar_timecho/V2.0.x/zh-Tree.ts | 1 + .../Vulnerability-submission.md | 56 +++++++++++++++++++ .../Vulnerability-submission.md | 56 +++++++++++++++++++ .../Vulnerability-submission.md | 56 +++++++++++++++++++ .../Vulnerability-submission.md | 56 +++++++++++++++++++ .../Vulnerability-submission.md | 56 +++++++++++++++++++ .../Vulnerability-submission.md | 56 +++++++++++++++++++ .../Vulnerability-submission.md | 54 ++++++++++++++++++ .../Vulnerability-submission.md | 54 ++++++++++++++++++ .../Vulnerability-submission.md | 54 ++++++++++++++++++ .../Vulnerability-submission.md | 53 ++++++++++++++++++ .../Vulnerability-submission.md | 54 ++++++++++++++++++ .../Vulnerability-submission.md | 54 ++++++++++++++++++ 18 files changed, 665 insertions(+) create mode 100644 src/UserGuide/Master/Table/IoTDB-Introduction/Vulnerability-submission.md create mode 100644 src/UserGuide/Master/Tree/IoTDB-Introduction/Vulnerability-submission.md create mode 100644 src/UserGuide/V1.3.x/IoTDB-Introduction/Vulnerability-submission.md create mode 100644 src/UserGuide/dev-1.3/IoTDB-Introduction/Vulnerability-submission.md create mode 100644 src/UserGuide/latest-Table/IoTDB-Introduction/Vulnerability-submission.md create mode 100644 src/UserGuide/latest/IoTDB-Introduction/Vulnerability-submission.md create mode 100644 src/zh/UserGuide/Master/Table/IoTDB-Introduction/Vulnerability-submission.md create mode 100644 src/zh/UserGuide/Master/Tree/IoTDB-Introduction/Vulnerability-submission.md create mode 100644 src/zh/UserGuide/V1.3.x/IoTDB-Introduction/Vulnerability-submission.md create mode 100644 
src/zh/UserGuide/dev-1.3/IoTDB-Introduction/Vulnerability-submission.md create mode 100644 src/zh/UserGuide/latest-Table/IoTDB-Introduction/Vulnerability-submission.md create mode 100644 src/zh/UserGuide/latest/IoTDB-Introduction/Vulnerability-submission.md
diff --git a/src/.vuepress/sidebar_timecho/V1.3.x/en.ts b/src/.vuepress/sidebar_timecho/V1.3.x/en.ts
index 1edccc984..eb86bb4ea 100644
--- a/src/.vuepress/sidebar_timecho/V1.3.x/en.ts
+++ b/src/.vuepress/sidebar_timecho/V1.3.x/en.ts
@@ -31,6 +31,7 @@ export const enSidebar = {
 { text: 'IoTDB Introduction', link: 'IoTDB-Introduction_timecho' },
 { text: 'Scenario', link: 'Scenario' },
 { text: 'Release History', link: 'Release-history_timecho' },
+ { text: 'Vulnerability submission', link: 'Vulnerability-submission' },
 ],
 },
 {
diff --git a/src/.vuepress/sidebar_timecho/V1.3.x/zh.ts b/src/.vuepress/sidebar_timecho/V1.3.x/zh.ts
index ae5b24f91..1960dd121 100644
--- a/src/.vuepress/sidebar_timecho/V1.3.x/zh.ts
+++ b/src/.vuepress/sidebar_timecho/V1.3.x/zh.ts
@@ -31,6 +31,7 @@ export const zhSidebar = {
 { text: '产品介绍', link: 'IoTDB-Introduction_timecho' },
 { text: '应用场景', link: 'Scenario' },
 { text: '发布历史', link: 'Release-history_timecho' },
+ { text: '漏洞提报', link: 'Vulnerability-submission' },
 ],
 },
 {
diff --git a/src/.vuepress/sidebar_timecho/V2.0.x/en-Table.ts b/src/.vuepress/sidebar_timecho/V2.0.x/en-Table.ts
index 247a7c120..8c620776a 100644
--- a/src/.vuepress/sidebar_timecho/V2.0.x/en-Table.ts
+++ b/src/.vuepress/sidebar_timecho/V2.0.x/en-Table.ts
@@ -30,6 +30,7 @@ export const enSidebar = {
 { text: 'IoTDB Introduction', link: 'IoTDB-Introduction_timecho' },
 { text: 'Scenario', link: 'Scenario' },
 { text: 'Release History', link: 'Release-history_timecho' },
+ { text: 'Vulnerability submission', link: 'Vulnerability-submission' },
 ],
 },
 {
diff --git a/src/.vuepress/sidebar_timecho/V2.0.x/en-Tree.ts b/src/.vuepress/sidebar_timecho/V2.0.x/en-Tree.ts
index 475853632..2f58387c8 100644
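Review bot: The new sidebar entry links to `Vulnerability-submission` with no `_timecho` suffix, while the product-specific pages beside it in the same list (`IoTDB-Introduction_timecho`, `Release-history_timecho`) carry one. If that suffix is what scopes a page to the Timecho site build — this cannot be confirmed from the hunk — the page added later in this patch, which names TimechoDB and directs reports to security@timecho.com, would also be published in any other build of the same guide tree, where it could conflict with that project's own reporting channel. Consider renaming the file and the link, e.g. `{ text: 'Vulnerability submission', link: 'Vulnerability-submission_timecho' },`, or confirm that the unsuffixed name is intended. The same applies to the other five sidebar hunks (V1.3.x/zh.ts and the four V2.0.x files); the enclosing sidebar object starts and ends outside each hunk.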
--- a/src/.vuepress/sidebar_timecho/V2.0.x/en-Tree.ts
+++ b/src/.vuepress/sidebar_timecho/V2.0.x/en-Tree.ts
@@ -30,6 +30,7 @@ export const enSidebar = {
 { text: 'IoTDB Introduction', link: 'IoTDB-Introduction_timecho' },
 { text: 'Scenario', link: 'Scenario' },
 { text: 'Release History', link: 'Release-history_timecho' },
+ { text: 'Vulnerability submission', link: 'Vulnerability-submission' },
 ],
 },
 {
diff --git a/src/.vuepress/sidebar_timecho/V2.0.x/zh-Table.ts b/src/.vuepress/sidebar_timecho/V2.0.x/zh-Table.ts
index 2cda499e2..d224c920a 100644
--- a/src/.vuepress/sidebar_timecho/V2.0.x/zh-Table.ts
+++ b/src/.vuepress/sidebar_timecho/V2.0.x/zh-Table.ts
@@ -30,6 +30,7 @@ export const zhSidebar = {
 { text: '产品介绍', link: 'IoTDB-Introduction_timecho' },
 { text: '应用场景', link: 'Scenario' },
 { text: '发布历史', link: 'Release-history_timecho' },
+ { text: '漏洞提报', link: 'Vulnerability-submission' },
 ],
 },
 {
diff --git a/src/.vuepress/sidebar_timecho/V2.0.x/zh-Tree.ts b/src/.vuepress/sidebar_timecho/V2.0.x/zh-Tree.ts
index f886d5c78..e692ac99c 100644
--- a/src/.vuepress/sidebar_timecho/V2.0.x/zh-Tree.ts
+++ b/src/.vuepress/sidebar_timecho/V2.0.x/zh-Tree.ts
@@ -30,6 +30,7 @@ export const zhSidebar = {
 { text: '产品介绍', link: 'IoTDB-Introduction_timecho' },
 { text: '应用场景', link: 'Scenario' },
 { text: '发布历史', link: 'Release-history_timecho' },
+ { text: '漏洞提报', link: 'Vulnerability-submission' },
 ],
 },
 {
diff --git a/src/UserGuide/Master/Table/IoTDB-Introduction/Vulnerability-submission.md b/src/UserGuide/Master/Table/IoTDB-Introduction/Vulnerability-submission.md
new file mode 100644
index 000000000..e51580a91
--- /dev/null
+++ b/src/UserGuide/Master/Table/IoTDB-Introduction/Vulnerability-submission.md
@@ -0,0 +1,56 @@ + + +# Vulnerability submission + +To ensure the security and user experience of TimechoDB and related tools, we have established a standardized vulnerability response mechanism. If you discover any product vulnerabilities, please follow the process below to provide feedback. We will promptly follow up and keep you updated on the progress. + +### 1. Email Reporting Guidelines + +When using TimechoDB core products, related ecosystem components, or accompanying operation tools, if you identify security risks or functional abnormalities, please submit your feedback via the dedicated email address with the following requirements: + +- Reporting Email: **security@timecho.com** + +- To help us locate and verify vulnerabilities more efficiently, please include the following key information in your email: + - Core vulnerability details: affected product, module name, vulnerability scenario, description of the vulnerability phenomenon, and reproducible steps. + - If available, please attach screenshots, error logs, or other supporting materials, which will significantly improve verification efficiency. + + +### 2. Verification Result Notification + +After receiving your report, we will complete the vulnerability verification as soon as possible and notify you of the results via the original reporting email. There are two specific scenarios: + +- **If the vulnerability is verified as "valid"**: + - The email will clearly inform you that the "vulnerability has been confirmed" and include the official CNNVD (National Information Security Vulnerability Database) submission guide (with official website link: [www.cnnvd.org.cn](https://www.cnnvd.org.cn/)). + - You can follow the guide to submit official vulnerability information to CNNVD. +- **If the vulnerability is verified as "invalid" or "non-reproducible"**: + - If determined as "invalid": the email will clearly explain the reasons why the vulnerability is invalid. 
+ - If determined as "non-reproducible": the email will inform you about what additional information is needed, such as more detailed reproduction steps. + +### 3. Follow-up Progress on Vulnerabilities** + +- If the reported vulnerability is confirmed as valid, you need to complete the official submission through the CNNVD website. When submitting, please fill in the following information as prompted on the webpage: + - Basic information: vulnerability name, affected product name, affected product version. + - Vulnerability details: complete vulnerability description. + - Vulnerability rating: according to official standards, assess the vulnerability level based on the difficulty of exploitation and the impact level after exploitation. + +- Fix Progress and Result Notification + - We will arrange the vulnerability repair team to address the issue based on its severity. Once the vulnerability is fixed and released in a new version, we will notify you via the original reporting email about the resolution status: fixed version number, version download/update links, etc., ensuring you can update promptly to mitigate risks. \ No newline at end of file diff --git a/src/UserGuide/Master/Tree/IoTDB-Introduction/Vulnerability-submission.md b/src/UserGuide/Master/Tree/IoTDB-Introduction/Vulnerability-submission.md new file mode 100644 index 000000000..e51580a91 --- /dev/null +++ b/src/UserGuide/Master/Tree/IoTDB-Introduction/Vulnerability-submission.md 
@@ -0,0 +1,56 @@ + + +# Vulnerability submission + +To ensure the security and user experience of TimechoDB and related tools, we have established a standardized vulnerability response mechanism. If you discover any product vulnerabilities, please follow the process below to provide feedback. We will promptly follow up and keep you updated on the progress. + +### 1. Email Reporting Guidelines + +When using TimechoDB core products, related ecosystem components, or accompanying operation tools, if you identify security risks or functional abnormalities, please submit your feedback via the dedicated email address with the following requirements: + +- Reporting Email: **security@timecho.com** + +- To help us locate and verify vulnerabilities more efficiently, please include the following key information in your email: + - Core vulnerability details: affected product, module name, vulnerability scenario, description of the vulnerability phenomenon, and reproducible steps. + - If available, please attach screenshots, error logs, or other supporting materials, which will significantly improve verification efficiency. + + +### 2. Verification Result Notification + +After receiving your report, we will complete the vulnerability verification as soon as possible and notify you of the results via the original reporting email. There are two specific scenarios: + +- **If the vulnerability is verified as "valid"**: + - The email will clearly inform you that the "vulnerability has been confirmed" and include the official CNNVD (National Information Security Vulnerability Database) submission guide (with official website link: [www.cnnvd.org.cn](https://www.cnnvd.org.cn/)). + - You can follow the guide to submit official vulnerability information to CNNVD. +- **If the vulnerability is verified as "invalid" or "non-reproducible"**: + - If determined as "invalid": the email will clearly explain the reasons why the vulnerability is invalid. 
+ - If determined as "non-reproducible": the email will inform you about what additional information is needed, such as more detailed reproduction steps. + +### 3. Follow-up Progress on Vulnerabilities** + +- If the reported vulnerability is confirmed as valid, you need to complete the official submission through the CNNVD website. When submitting, please fill in the following information as prompted on the webpage: + - Basic information: vulnerability name, affected product name, affected product version. + - Vulnerability details: complete vulnerability description. + - Vulnerability rating: according to official standards, assess the vulnerability level based on the difficulty of exploitation and the impact level after exploitation. + +- Fix Progress and Result Notification + - We will arrange the vulnerability repair team to address the issue based on its severity. Once the vulnerability is fixed and released in a new version, we will notify you via the original reporting email about the resolution status: fixed version number, version download/update links, etc., ensuring you can update promptly to mitigate risks. \ No newline at end of file diff --git a/src/UserGuide/V1.3.x/IoTDB-Introduction/Vulnerability-submission.md b/src/UserGuide/V1.3.x/IoTDB-Introduction/Vulnerability-submission.md new file mode 100644 index 000000000..e51580a91 --- /dev/null +++ b/src/UserGuide/V1.3.x/IoTDB-Introduction/Vulnerability-submission.md 
@@ -0,0 +1,56 @@ + + +# Vulnerability submission + +To ensure the security and user experience of TimechoDB and related tools, we have established a standardized vulnerability response mechanism. If you discover any product vulnerabilities, please follow the process below to provide feedback. We will promptly follow up and keep you updated on the progress. + +### 1. Email Reporting Guidelines + +When using TimechoDB core products, related ecosystem components, or accompanying operation tools, if you identify security risks or functional abnormalities, please submit your feedback via the dedicated email address with the following requirements: + +- Reporting Email: **security@timecho.com** + +- To help us locate and verify vulnerabilities more efficiently, please include the following key information in your email: + - Core vulnerability details: affected product, module name, vulnerability scenario, description of the vulnerability phenomenon, and reproducible steps. + - If available, please attach screenshots, error logs, or other supporting materials, which will significantly improve verification efficiency. + + +### 2. Verification Result Notification + +After receiving your report, we will complete the vulnerability verification as soon as possible and notify you of the results via the original reporting email. There are two specific scenarios: + +- **If the vulnerability is verified as "valid"**: + - The email will clearly inform you that the "vulnerability has been confirmed" and include the official CNNVD (National Information Security Vulnerability Database) submission guide (with official website link: [www.cnnvd.org.cn](https://www.cnnvd.org.cn/)). + - You can follow the guide to submit official vulnerability information to CNNVD. +- **If the vulnerability is verified as "invalid" or "non-reproducible"**: + - If determined as "invalid": the email will clearly explain the reasons why the vulnerability is invalid. 
+ - If determined as "non-reproducible": the email will inform you about what additional information is needed, such as more detailed reproduction steps. + +### 3. Follow-up Progress on Vulnerabilities** + +- If the reported vulnerability is confirmed as valid, you need to complete the official submission through the CNNVD website. When submitting, please fill in the following information as prompted on the webpage: + - Basic information: vulnerability name, affected product name, affected product version. + - Vulnerability details: complete vulnerability description. + - Vulnerability rating: according to official standards, assess the vulnerability level based on the difficulty of exploitation and the impact level after exploitation. + +- Fix Progress and Result Notification + - We will arrange the vulnerability repair team to address the issue based on its severity. Once the vulnerability is fixed and released in a new version, we will notify you via the original reporting email about the resolution status: fixed version number, version download/update links, etc., ensuring you can update promptly to mitigate risks. \ No newline at end of file diff --git a/src/UserGuide/dev-1.3/IoTDB-Introduction/Vulnerability-submission.md b/src/UserGuide/dev-1.3/IoTDB-Introduction/Vulnerability-submission.md new file mode 100644 index 000000000..e51580a91 --- /dev/null +++ b/src/UserGuide/dev-1.3/IoTDB-Introduction/Vulnerability-submission.md 
@@ -0,0 +1,56 @@ + + +# Vulnerability submission + +To ensure the security and user experience of TimechoDB and related tools, we have established a standardized vulnerability response mechanism. If you discover any product vulnerabilities, please follow the process below to provide feedback. We will promptly follow up and keep you updated on the progress. + +### 1. Email Reporting Guidelines + +When using TimechoDB core products, related ecosystem components, or accompanying operation tools, if you identify security risks or functional abnormalities, please submit your feedback via the dedicated email address with the following requirements: + +- Reporting Email: **security@timecho.com** + +- To help us locate and verify vulnerabilities more efficiently, please include the following key information in your email: + - Core vulnerability details: affected product, module name, vulnerability scenario, description of the vulnerability phenomenon, and reproducible steps. + - If available, please attach screenshots, error logs, or other supporting materials, which will significantly improve verification efficiency. + + +### 2. Verification Result Notification + +After receiving your report, we will complete the vulnerability verification as soon as possible and notify you of the results via the original reporting email. There are two specific scenarios: + +- **If the vulnerability is verified as "valid"**: + - The email will clearly inform you that the "vulnerability has been confirmed" and include the official CNNVD (National Information Security Vulnerability Database) submission guide (with official website link: [www.cnnvd.org.cn](https://www.cnnvd.org.cn/)). + - You can follow the guide to submit official vulnerability information to CNNVD. +- **If the vulnerability is verified as "invalid" or "non-reproducible"**: + - If determined as "invalid": the email will clearly explain the reasons why the vulnerability is invalid. 
+ - If determined as "non-reproducible": the email will inform you about what additional information is needed, such as more detailed reproduction steps. + +### 3. Follow-up Progress on Vulnerabilities** + +- If the reported vulnerability is confirmed as valid, you need to complete the official submission through the CNNVD website. When submitting, please fill in the following information as prompted on the webpage: + - Basic information: vulnerability name, affected product name, affected product version. + - Vulnerability details: complete vulnerability description. + - Vulnerability rating: according to official standards, assess the vulnerability level based on the difficulty of exploitation and the impact level after exploitation. + +- Fix Progress and Result Notification + - We will arrange the vulnerability repair team to address the issue based on its severity. Once the vulnerability is fixed and released in a new version, we will notify you via the original reporting email about the resolution status: fixed version number, version download/update links, etc., ensuring you can update promptly to mitigate risks. \ No newline at end of file diff --git a/src/UserGuide/latest-Table/IoTDB-Introduction/Vulnerability-submission.md b/src/UserGuide/latest-Table/IoTDB-Introduction/Vulnerability-submission.md new file mode 100644 index 000000000..e51580a91 --- /dev/null +++ b/src/UserGuide/latest-Table/IoTDB-Introduction/Vulnerability-submission.md 
@@ -0,0 +1,56 @@ + + +# Vulnerability submission + +To ensure the security and user experience of TimechoDB and related tools, we have established a standardized vulnerability response mechanism. If you discover any product vulnerabilities, please follow the process below to provide feedback. We will promptly follow up and keep you updated on the progress. + +### 1. Email Reporting Guidelines + +When using TimechoDB core products, related ecosystem components, or accompanying operation tools, if you identify security risks or functional abnormalities, please submit your feedback via the dedicated email address with the following requirements: + +- Reporting Email: **security@timecho.com** + +- To help us locate and verify vulnerabilities more efficiently, please include the following key information in your email: + - Core vulnerability details: affected product, module name, vulnerability scenario, description of the vulnerability phenomenon, and reproducible steps. + - If available, please attach screenshots, error logs, or other supporting materials, which will significantly improve verification efficiency. + + +### 2. Verification Result Notification + +After receiving your report, we will complete the vulnerability verification as soon as possible and notify you of the results via the original reporting email. There are two specific scenarios: + +- **If the vulnerability is verified as "valid"**: + - The email will clearly inform you that the "vulnerability has been confirmed" and include the official CNNVD (National Information Security Vulnerability Database) submission guide (with official website link: [www.cnnvd.org.cn](https://www.cnnvd.org.cn/)). + - You can follow the guide to submit official vulnerability information to CNNVD. +- **If the vulnerability is verified as "invalid" or "non-reproducible"**: + - If determined as "invalid": the email will clearly explain the reasons why the vulnerability is invalid. 
+ - If determined as "non-reproducible": the email will inform you about what additional information is needed, such as more detailed reproduction steps. + +### 3. Follow-up Progress on Vulnerabilities** + +- If the reported vulnerability is confirmed as valid, you need to complete the official submission through the CNNVD website. When submitting, please fill in the following information as prompted on the webpage: + - Basic information: vulnerability name, affected product name, affected product version. + - Vulnerability details: complete vulnerability description. + - Vulnerability rating: according to official standards, assess the vulnerability level based on the difficulty of exploitation and the impact level after exploitation. + +- Fix Progress and Result Notification + - We will arrange the vulnerability repair team to address the issue based on its severity. Once the vulnerability is fixed and released in a new version, we will notify you via the original reporting email about the resolution status: fixed version number, version download/update links, etc., ensuring you can update promptly to mitigate risks. \ No newline at end of file diff --git a/src/UserGuide/latest/IoTDB-Introduction/Vulnerability-submission.md b/src/UserGuide/latest/IoTDB-Introduction/Vulnerability-submission.md new file mode 100644 index 000000000..e51580a91 --- /dev/null +++ b/src/UserGuide/latest/IoTDB-Introduction/Vulnerability-submission.md 
@@ -0,0 +1,56 @@ + + +# Vulnerability submission + +To ensure the security and user experience of TimechoDB and related tools, we have established a standardized vulnerability response mechanism. If you discover any product vulnerabilities, please follow the process below to provide feedback. We will promptly follow up and keep you updated on the progress. + +### 1. Email Reporting Guidelines + +When using TimechoDB core products, related ecosystem components, or accompanying operation tools, if you identify security risks or functional abnormalities, please submit your feedback via the dedicated email address with the following requirements: + +- Reporting Email: **security@timecho.com** + +- To help us locate and verify vulnerabilities more efficiently, please include the following key information in your email: + - Core vulnerability details: affected product, module name, vulnerability scenario, description of the vulnerability phenomenon, and reproducible steps. + - If available, please attach screenshots, error logs, or other supporting materials, which will significantly improve verification efficiency. + + +### 2. Verification Result Notification + +After receiving your report, we will complete the vulnerability verification as soon as possible and notify you of the results via the original reporting email. There are two specific scenarios: + +- **If the vulnerability is verified as "valid"**: + - The email will clearly inform you that the "vulnerability has been confirmed" and include the official CNNVD (National Information Security Vulnerability Database) submission guide (with official website link: [www.cnnvd.org.cn](https://www.cnnvd.org.cn/)). + - You can follow the guide to submit official vulnerability information to CNNVD. +- **If the vulnerability is verified as "invalid" or "non-reproducible"**: + - If determined as "invalid": the email will clearly explain the reasons why the vulnerability is invalid. 
+ - If determined as "non-reproducible": the email will inform you about what additional information is needed, such as more detailed reproduction steps. + +### 3. Follow-up Progress on Vulnerabilities** + +- If the reported vulnerability is confirmed as valid, you need to complete the official submission through the CNNVD website. When submitting, please fill in the following information as prompted on the webpage: + - Basic information: vulnerability name, affected product name, affected product version. + - Vulnerability details: complete vulnerability description. + - Vulnerability rating: according to official standards, assess the vulnerability level based on the difficulty of exploitation and the impact level after exploitation. + +- Fix Progress and Result Notification + - We will arrange the vulnerability repair team to address the issue based on its severity. Once the vulnerability is fixed and released in a new version, we will notify you via the original reporting email about the resolution status: fixed version number, version download/update links, etc., ensuring you can update promptly to mitigate risks. \ No newline at end of file diff --git a/src/zh/UserGuide/Master/Table/IoTDB-Introduction/Vulnerability-submission.md b/src/zh/UserGuide/Master/Table/IoTDB-Introduction/Vulnerability-submission.md new file mode 100644 index 000000000..96fcd96c3 --- /dev/null +++ b/src/zh/UserGuide/Master/Table/IoTDB-Introduction/Vulnerability-submission.md 
@@ -0,0 +1,54 @@ + + +# 漏洞提报 + +为保障使用 TimechoDB 及相关工具的安全与体验,建立了规范的漏洞响应机制。若您发现产品漏洞,可按以下流程反馈,我们会及时跟进处理并同步进展。 + +### 1. 邮件提报指南 + +使用 **TimechoDB 本体、相关生态组件或配套运维工具** 时,若发现安全隐患、功能异常等问题,可通过专属邮箱提交反馈,具体要求如下: + +- 提报邮箱:**security@timecho.com** + +- 为了更高效地定位和验证漏洞,建议在邮件中提供以下核心内容: + - 需包含漏洞核心信息,如漏洞涉及的产品、模块名称、漏洞场景、漏洞现象描述、可复现的步骤等。 + - 若有截图、错误日志等材料,可附件发送,会大幅提升核实效率。 + +### 2. 核实结果同步 + +收到提报后,会尽快完成漏洞核实,并通过原提报邮箱同步核实结果,具体分两种情况: + +- 若漏洞核实为 “真实有效” + - 邮件会明确告知您 “漏洞已确认”,同时附上 **CNNVD(国家信息安全漏洞库)官方提报指引**(含官网链接:[www.cnnvd.org.cn](https://www.cnnvd.org.cn)); + - 您可按指引在 CNNVD 提交官方漏洞信息。 +- 若漏洞核实为 “无效” 或 “不可复现” + - 若判定为 “无效”:邮件会清晰说明漏洞无效的原因; + - 若判定为 “不可复现”:邮件会告知您可进一步协助的内容,如需补充更详细的复现步骤等; + +### 3. 漏洞后续进展 + +- 若反馈的漏洞被确认有效,需通过 CNNVD 官网完成官方提报,提报时按页面提示填写 以下信息: + - 基础信息:漏洞名称、涉及产品名称、影响产品版本; + - 漏洞详情:完整的漏洞描述; + - 漏洞评级:根据官方标准,结合 攻击难易程度 与 攻击后影响程度,完成漏洞等级评定。 +- 修复进展与结果同步 + - 我们会根据漏洞严重程度,安排漏洞修复团队进行修复。当漏洞修复完成并随新版本发布后,会通过原提报邮箱告知漏洞解决情况:修复版本号、版本下载 / 更新链接等,确保能及时更新,规避风险。 \ No newline at end of file diff --git a/src/zh/UserGuide/Master/Tree/IoTDB-Introduction/Vulnerability-submission.md b/src/zh/UserGuide/Master/Tree/IoTDB-Introduction/Vulnerability-submission.md new file mode 100644 index 000000000..96fcd96c3 --- /dev/null +++ b/src/zh/UserGuide/Master/Tree/IoTDB-Introduction/Vulnerability-submission.md 
@@ -0,0 +1,54 @@ + + +# 漏洞提报 + +为保障使用 TimechoDB 及相关工具的安全与体验,建立了规范的漏洞响应机制。若您发现产品漏洞,可按以下流程反馈,我们会及时跟进处理并同步进展。 + +### 1. 邮件提报指南 + +使用 **TimechoDB 本体、相关生态组件或配套运维工具** 时,若发现安全隐患、功能异常等问题,可通过专属邮箱提交反馈,具体要求如下: + +- 提报邮箱:**security@timecho.com** + +- 为了更高效地定位和验证漏洞,建议在邮件中提供以下核心内容: + - 需包含漏洞核心信息,如漏洞涉及的产品、模块名称、漏洞场景、漏洞现象描述、可复现的步骤等。 + - 若有截图、错误日志等材料,可附件发送,会大幅提升核实效率。 + +### 2. 核实结果同步 + +收到提报后,会尽快完成漏洞核实,并通过原提报邮箱同步核实结果,具体分两种情况: + +- 若漏洞核实为 “真实有效” + - 邮件会明确告知您 “漏洞已确认”,同时附上 **CNNVD(国家信息安全漏洞库)官方提报指引**(含官网链接:[www.cnnvd.org.cn](https://www.cnnvd.org.cn)); + - 您可按指引在 CNNVD 提交官方漏洞信息。 +- 若漏洞核实为 “无效” 或 “不可复现” + - 若判定为 “无效”:邮件会清晰说明漏洞无效的原因; + - 若判定为 “不可复现”:邮件会告知您可进一步协助的内容,如需补充更详细的复现步骤等; + +### 3. 漏洞后续进展 + +- 若反馈的漏洞被确认有效,需通过 CNNVD 官网完成官方提报,提报时按页面提示填写 以下信息: + - 基础信息:漏洞名称、涉及产品名称、影响产品版本; + - 漏洞详情:完整的漏洞描述; + - 漏洞评级:根据官方标准,结合 攻击难易程度 与 攻击后影响程度,完成漏洞等级评定。 +- 修复进展与结果同步 + - 我们会根据漏洞严重程度,安排漏洞修复团队进行修复。当漏洞修复完成并随新版本发布后,会通过原提报邮箱告知漏洞解决情况:修复版本号、版本下载 / 更新链接等,确保能及时更新,规避风险。 \ No newline at end of file diff --git a/src/zh/UserGuide/V1.3.x/IoTDB-Introduction/Vulnerability-submission.md b/src/zh/UserGuide/V1.3.x/IoTDB-Introduction/Vulnerability-submission.md new file mode 100644 index 000000000..96fcd96c3 --- /dev/null +++ b/src/zh/UserGuide/V1.3.x/IoTDB-Introduction/Vulnerability-submission.md 
@@ -0,0 +1,54 @@ + + +# 漏洞提报 + +为保障使用 TimechoDB 及相关工具的安全与体验,建立了规范的漏洞响应机制。若您发现产品漏洞,可按以下流程反馈,我们会及时跟进处理并同步进展。 + +### 1. 邮件提报指南 + +使用 **TimechoDB 本体、相关生态组件或配套运维工具** 时,若发现安全隐患、功能异常等问题,可通过专属邮箱提交反馈,具体要求如下: + +- 提报邮箱:**security@timecho.com** + +- 为了更高效地定位和验证漏洞,建议在邮件中提供以下核心内容: + - 需包含漏洞核心信息,如漏洞涉及的产品、模块名称、漏洞场景、漏洞现象描述、可复现的步骤等。 + - 若有截图、错误日志等材料,可附件发送,会大幅提升核实效率。 + +### 2. 核实结果同步 + +收到提报后,会尽快完成漏洞核实,并通过原提报邮箱同步核实结果,具体分两种情况: + +- 若漏洞核实为 “真实有效” + - 邮件会明确告知您 “漏洞已确认”,同时附上 **CNNVD(国家信息安全漏洞库)官方提报指引**(含官网链接:[www.cnnvd.org.cn](https://www.cnnvd.org.cn)); + - 您可按指引在 CNNVD 提交官方漏洞信息。 +- 若漏洞核实为 “无效” 或 “不可复现” + - 若判定为 “无效”:邮件会清晰说明漏洞无效的原因; + - 若判定为 “不可复现”:邮件会告知您可进一步协助的内容,如需补充更详细的复现步骤等; + +### 3. 漏洞后续进展 + +- 若反馈的漏洞被确认有效,需通过 CNNVD 官网完成官方提报,提报时按页面提示填写 以下信息: + - 基础信息:漏洞名称、涉及产品名称、影响产品版本; + - 漏洞详情:完整的漏洞描述; + - 漏洞评级:根据官方标准,结合 攻击难易程度 与 攻击后影响程度,完成漏洞等级评定。 +- 修复进展与结果同步 + - 我们会根据漏洞严重程度,安排漏洞修复团队进行修复。当漏洞修复完成并随新版本发布后,会通过原提报邮箱告知漏洞解决情况:修复版本号、版本下载 / 更新链接等,确保能及时更新,规避风险。 \ No newline at end of file diff --git a/src/zh/UserGuide/dev-1.3/IoTDB-Introduction/Vulnerability-submission.md b/src/zh/UserGuide/dev-1.3/IoTDB-Introduction/Vulnerability-submission.md new file mode 100644 index 000000000..2e0f9aea6 --- /dev/null +++ b/src/zh/UserGuide/dev-1.3/IoTDB-Introduction/Vulnerability-submission.md 
@@ -0,0 +1,53 @@ + + +# 漏洞提报 + +为保障使用 TimechoDB 及相关工具的安全与体验,建立了规范的漏洞响应机制。若您发现产品漏洞,可按以下流程反馈,我们会及时跟进处理并同步进展。 + +### 1. 邮件提报指南 + +使用 **TimechoDB 本体、相关生态组件或配套运维工具** 时,若发现安全隐患、功能异常等问题,可通过专属邮箱提交反馈,具体要求如下: + +- 提报邮箱:**security@timecho.com** +- 为了更高效地定位和验证漏洞,建议在邮件中提供以下核心内容: + - 需包含漏洞核心信息,如漏洞涉及的产品、模块名称、漏洞场景、漏洞现象描述、可复现的步骤等。 + - 若有截图、错误日志等材料,可附件发送,会大幅提升核实效率。 + +### 2. 核实结果同步 + +收到提报后,会尽快完成漏洞核实,并通过原提报邮箱同步核实结果,具体分两种情况: + +- 若漏洞核实为 “真实有效” + - 邮件会明确告知您 “漏洞已确认”,同时附上 **CNNVD(国家信息安全漏洞库)官方提报指引**(含官网链接:[www.cnnvd.org.cn](https://www.cnnvd.org.cn)); + - 您可按指引在 CNNVD 提交官方漏洞信息。 +- 若漏洞核实为 “无效” 或 “不可复现” + - 若判定为 “无效”:邮件会清晰说明漏洞无效的原因; + - 若判定为 “不可复现”:邮件会告知您可进一步协助的内容,如需补充更详细的复现步骤等; + +### 3. 漏洞后续进展 + +- 若反馈的漏洞被确认有效,需通过 CNNVD 官网完成官方提报,提报时按页面提示填写 以下信息: + - 基础信息:漏洞名称、涉及产品名称、影响产品版本; + - 漏洞详情:完整的漏洞描述; + - 漏洞评级:根据官方标准,结合 攻击难易程度 与 攻击后影响程度,完成漏洞等级评定。 +- 修复进展与结果同步 + - 我们会根据漏洞严重程度,安排漏洞修复团队进行修复。当漏洞修复完成并随新版本发布后,会通过原提报邮箱告知漏洞解决情况:修复版本号、版本下载 / 更新链接等,确保能及时更新,规避风险。 \ No newline at end of file diff --git a/src/zh/UserGuide/latest-Table/IoTDB-Introduction/Vulnerability-submission.md b/src/zh/UserGuide/latest-Table/IoTDB-Introduction/Vulnerability-submission.md new file mode 100644 index 000000000..96fcd96c3 --- /dev/null +++ b/src/zh/UserGuide/latest-Table/IoTDB-Introduction/Vulnerability-submission.md 
@@ -0,0 +1,54 @@ + + +# 漏洞提报 + +为保障使用 TimechoDB 及相关工具的安全与体验,建立了规范的漏洞响应机制。若您发现产品漏洞,可按以下流程反馈,我们会及时跟进处理并同步进展。 + +### 1. 邮件提报指南 + +使用 **TimechoDB 本体、相关生态组件或配套运维工具** 时,若发现安全隐患、功能异常等问题,可通过专属邮箱提交反馈,具体要求如下: + +- 提报邮箱:**security@timecho.com** + +- 为了更高效地定位和验证漏洞,建议在邮件中提供以下核心内容: + - 需包含漏洞核心信息,如漏洞涉及的产品、模块名称、漏洞场景、漏洞现象描述、可复现的步骤等。 + - 若有截图、错误日志等材料,可附件发送,会大幅提升核实效率。 + +### 2. 核实结果同步 + +收到提报后,会尽快完成漏洞核实,并通过原提报邮箱同步核实结果,具体分两种情况: + +- 若漏洞核实为 “真实有效” + - 邮件会明确告知您 “漏洞已确认”,同时附上 **CNNVD(国家信息安全漏洞库)官方提报指引**(含官网链接:[www.cnnvd.org.cn](https://www.cnnvd.org.cn)); + - 您可按指引在 CNNVD 提交官方漏洞信息。 +- 若漏洞核实为 “无效” 或 “不可复现” + - 若判定为 “无效”:邮件会清晰说明漏洞无效的原因; + - 若判定为 “不可复现”:邮件会告知您可进一步协助的内容,如需补充更详细的复现步骤等; + +### 3. 漏洞后续进展 + +- 若反馈的漏洞被确认有效,需通过 CNNVD 官网完成官方提报,提报时按页面提示填写 以下信息: + - 基础信息:漏洞名称、涉及产品名称、影响产品版本; + - 漏洞详情:完整的漏洞描述; + - 漏洞评级:根据官方标准,结合 攻击难易程度 与 攻击后影响程度,完成漏洞等级评定。 +- 修复进展与结果同步 + - 我们会根据漏洞严重程度,安排漏洞修复团队进行修复。当漏洞修复完成并随新版本发布后,会通过原提报邮箱告知漏洞解决情况:修复版本号、版本下载 / 更新链接等,确保能及时更新,规避风险。 \ No newline at end of file diff --git a/src/zh/UserGuide/latest/IoTDB-Introduction/Vulnerability-submission.md b/src/zh/UserGuide/latest/IoTDB-Introduction/Vulnerability-submission.md new file mode 100644 index 000000000..96fcd96c3 --- /dev/null +++ b/src/zh/UserGuide/latest/IoTDB-Introduction/Vulnerability-submission.md 
@@ -0,0 +1,54 @@ + + +# 漏洞提报 + +为保障使用 TimechoDB 及相关工具的安全与体验,建立了规范的漏洞响应机制。若您发现产品漏洞,可按以下流程反馈,我们会及时跟进处理并同步进展。 + +### 1. 邮件提报指南 + +使用 **TimechoDB 本体、相关生态组件或配套运维工具** 时,若发现安全隐患、功能异常等问题,可通过专属邮箱提交反馈,具体要求如下: + +- 提报邮箱:**security@timecho.com** + +- 为了更高效地定位和验证漏洞,建议在邮件中提供以下核心内容: + - 需包含漏洞核心信息,如漏洞涉及的产品、模块名称、漏洞场景、漏洞现象描述、可复现的步骤等。 + - 若有截图、错误日志等材料,可附件发送,会大幅提升核实效率。 + +### 2. 核实结果同步 + +收到提报后,会尽快完成漏洞核实,并通过原提报邮箱同步核实结果,具体分两种情况: + +- 若漏洞核实为 “真实有效” + - 邮件会明确告知您 “漏洞已确认”,同时附上 **CNNVD(国家信息安全漏洞库)官方提报指引**(含官网链接:[www.cnnvd.org.cn](https://www.cnnvd.org.cn)); + - 您可按指引在 CNNVD 提交官方漏洞信息。 +- 若漏洞核实为 “无效” 或 “不可复现” + - 若判定为 “无效”:邮件会清晰说明漏洞无效的原因; + - 若判定为 “不可复现”:邮件会告知您可进一步协助的内容,如需补充更详细的复现步骤等; + +### 3. 漏洞后续进展 + +- 若反馈的漏洞被确认有效,需通过 CNNVD 官网完成官方提报,提报时按页面提示填写 以下信息: + - 基础信息:漏洞名称、涉及产品名称、影响产品版本; + - 漏洞详情:完整的漏洞描述; + - 漏洞评级:根据官方标准,结合 攻击难易程度 与 攻击后影响程度,完成漏洞等级评定。 +- 修复进展与结果同步 + - 我们会根据漏洞严重程度,安排漏洞修复团队进行修复。当漏洞修复完成并随新版本发布后,会通过原提报邮箱告知漏洞解决情况:修复版本号、版本下载 / 更新链接等,确保能及时更新,规避风险。 \ No newline at end of file