theme-next · ivan-nginx · Mar 23, 2019 · Mar 23, 2019 · Mar 23, 2019 · Mar 23, 2019
diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md
@@ -12,6 +12,7 @@ First of all, thanks for taking your time to contribute and help make our projec
 
   * [Before Submitting An Issue](#before-submitting-an-issue)
   * [Reporting Bugs](#reporting-bugs)
+    * [Reporting Security Bugs](#reporting-security-bugs)
   * [Suggesting Enhancements](#suggesting-enhancements)
   * [Submitting a Pull Request](#submitting-a-pull-request)
   * [Creating Releases](#creating-releases)
@@ -24,11 +25,13 @@ First of all, thanks for taking your time to contribute and help make our projec
   * [Commit Messages Rules](#commit-messages-rules)
 
 <a name="how-can-i-contribute"></a>
+
 ## How Can I Contribute?
 
 Main Theme-Next repository was rebased from [iissnan's](https://github.com/iissnan/hexo-theme-next) profile to [Theme-Next](https://github.com/theme-next) organization on GitHub. Most libraries under the `next/source/lib` directory was moved out to [external repos](https://github.com/theme-next) under NexT organization. Version 5 works fine at most cases, but for frequent users, you maybe need to [upgrade version 5 to 6](https://github.com/theme-next/hexo-theme-next/blob/master/docs/UPDATE-FROM-5.1.X.md) to get features and supports in new [Theme-Next](https://github.com/theme-next/hexo-theme-next) repository.
 
 <a name="before-submitting-an-issue"></a>
+
 ### Before Submitting An Issue
 
 If you just have a question, you'll get faster results by checking the FAQs for a list of common questions and problems (Work in progress) or the [«NexT» Documentation Site](https://theme-next.org/docs/) (Work in progress).
@@ -40,6 +43,7 @@ If you find a bug in the source code, most importantly, please check carefully i
 [submit a Pull Request](#submitting-a-pull-request) with a fix.
 
 <a name="reporting-bugs"></a>
+
 ### Reporting Bugs
 
 Before creating bug reports, please check [this list](#before-submitting-an-issue) as you might find out that you don't need to create one. After you've determined the repository your bug is related to, create an issue on that repository and provide the information as many details as possible by filling in [the required template](ISSUE_TEMPLATE.md).
@@ -58,6 +62,16 @@ Following these guidelines helps maintainers and the community understand your r
 * Describe the behavior you observed after following the steps and point out what exactly is the problem with that behavior.
 * Explain which behavior you expected to see instead and why.
 
+<a name="reporting-security-bugs"></a>
+
+#### Reporting Security Bugs
+
+If you find a security issue, please act responsibly and report it not in the public issue tracker, but directly to us, so we can fix it before it can be exploited. Please send the related information to [email protected] (desirable with using PGP for e-mail encryption).
+
+We will gladly special thanks to anyone who reports a vulnerability so that we can fix it. If you want to remain anonymous or pseudonymous instead, please let us know that; we will gladly respect your wishes.
+
+<a name="suggesting-enhancements"></a>
+
 ### Suggesting Enhancements
 
 Before creating enhancement suggestions, please check [this list](#before-submitting-an-issue) as you might find out that you don't need to create one. After you've determined the repository your enhancement suggestion is related to, create an issue on that repository and provide the information as many details as possible by filling in [the required template](ISSUE_TEMPLATE.md).
@@ -68,6 +82,8 @@ Following these guidelines helps maintainers and the community understand your s
 * Describe the current behavior and explain which behavior you expected to see instead and Explain why this enhancement would be useful to most users.
 * Provide specific examples to demonstrate the suggestion. Include links to files (screenshots or GIFs) or live demo.
 
+<a name="submitting-a-pull-request"></a>
+
 ### Submitting a Pull Request
 
 Before creating a Pull Request (PR), please check [this list](#before-submitting-an-issue) as you might find out that you don't need to create one. After you've determined the repository your pull request is related to, create a pull request on that repository. The detailed document of creating a pull request can be found [here](https://help.github.com/articles/creating-a-pull-request/).
@@ -97,6 +113,8 @@ Following these guidelines helps maintainers and the community understand your p
 * Fill in [the required template](PULL_REQUEST_TEMPLATE.md) as many details as possible.
 * All features or bug fixes must be tested in all schemes. And provide specific examples to demonstrate the pull request. Include links to files (screenshots or GIFs) or live demo.
 
+<a name="creating-releases"></a>
+
 ### Creating Releases
 
 Releases are a great way to ship projects on GitHub to your users.
@@ -112,16 +130,24 @@ Releases are a great way to ship projects on GitHub to your users.
 5. If you'd like to include binary files along with your release, such as compiled programs, drag and drop or select files manually in the binaries box.
 6. If the release is unstable, select **This is a pre-release** to notify users that it's not ready for production. If you're ready to publicize your release, click **Publish release**. Otherwise, click **Save draft** to work on it later.
 
+<a name="guides"></a>
+
 ## Guides
 
+<a name="coding-rules"></a>
+
 ### Coding Rules
 
 This project and everyone participating in it is governed by the [Code of Conduct](CODE_OF_CONDUCT.md) to keep open and inclusive. By participating, you are expected to uphold this code.
 
+<a name="coding-standards"></a>
+
 ### Coding Standards
 
 To be continued.
 
+<a name="labels-rules"></a>
+
 ### Labels Rules
 
 We use "labels" in the issue tracker to help classify pull requests and issues. Using labels enables maintainers and users to quickly find issues they should look into, either because they experience them, or because it meets their area of expertise.
@@ -182,6 +208,8 @@ Pull requests related:
 - `v6.x`: A Pull requests that bug fixes and some optimizations related to old NexT version 6
 - `v7.x`: A Pull requests that bug fixes and some optimizations, related to old NexT version 7
 
+<a name="commit-messages-rules"></a>
+
 ### Commit Messages Rules
 
 We have very precise rules over how our git commit messages can be formatted. Each commit message consists of a `type` and a `subject`. This leads to more

diff --git a/docs/zh-CN/CONTRIBUTING.md b/docs/zh-CN/CONTRIBUTING.md
@@ -12,6 +12,7 @@
 
   * [你需要了解的](#before-submitting-an-issue)
   * [反馈 Bug](#reporting-bugs)
+    * [提交漏洞](#reporting-security-bugs)
   * [提交功能需求](#suggesting-enhancements)
   * [提交合并请求](#submitting-a-pull-request)
   * [发布版本](#creating-releases)
@@ -24,18 +25,21 @@
   * [提交信息规范](#commit-messages-rules)
 
 <a name="how-can-i-contribute"></a>
+
 ## 如何为 Next 做贡献
 
 目前 Next 主题已经从 [iissnan](https://github.com/iissnan/hexo-theme-next) 的个人仓库移动到了 [Theme-Next](https://github.com/theme-next) 组织仓库中，并升级到 V6 版本。在 V6+ 版本中，`next/source/lib` 目录下的第三方依赖库将独立放置在 [Theme-Next](https://github.com/theme-next) 组织仓库中。在大多数情况下，NexT V5 版本仍然能够正常运行，但是如果你想获得更多的功能和帮助，还是建议您[升级到 NexT V6+ 版本](https://github.com/theme-next/hexo-theme-next/blob/master/docs/UPDATE-FROM-5.1.X.md)，并移步 [Theme-Next](https://github.com/theme-next/hexo-theme-next) 仓库。
 
 <a name="before-submitting-an-issue"></a>
+
 ### 你需要了解的
 
 如果你在使用过程中遇到了问题，你可以查阅 FAQs（建设中） 或者 [NexT 帮助文档](https://theme-next.org/docs/)（建设中）。另外，你也可以通过[这里](https://github.com/theme-next/hexo-theme-next/search?q=&type=Issues&utf8=%E2%9C%93)进行大致检索，有些问题已经得到解答，你可以自行解决。对于没有解决的 Issue，你也可以继续提问。
 
 如果你在使用过程中发现了 Bug，请再次确认 Bug 在[最新发布版本](https://github.com/theme-next/hexo-theme-next/releases/latest)中是否重现。如果 Bug 重现，欢迎你到我们的 [Theme-NexT 仓库](https://github.com/theme-next/hexo-theme-next)中[反馈 Bug ](#reporting-bugs) 和[提交功能需求](#suggesting-enhancements)，也更期待您[提交合并请求](#submitting-a-pull-request)
 
 <a name="reporting-bugs"></a>
+
 ### 反馈 Bug
 
 反馈 Bug 前，请再次确认您已经查看了[你需要了解的](#before-submitting-an-issue)内容，避免提交重复的 Issue。确定相关仓库后，创建 Issue 并按照[模板](../../.github/ISSUE_TEMPLATE.md)尽可能的详细填写相关信息。
@@ -54,7 +58,16 @@
 * 详细描述通过上述重现过程出现的问题。
 * 详细描述你期待的结果。
 
+<a name="reporting-security-bugs"></a>
+
+#### 提交漏洞
+
+如果你发现安全问题，请以负责任的方式行事，即不要在公共 Issue 中提交而是直接向我们反馈，这样我们就可以在漏洞被利用之前对其进行修复。请将相关信息发送到 [email protected]（可接受 PGP 加密邮件）。
+
+我们很乐意对任何提交漏洞的人予以特别感谢以便我们修复它。如果你想保持匿名性或使用笔名替代，请告诉我们。我们将充分尊重你的意愿。
+
 <a name="suggesting-enhancements"></a>
+
 ### 提交功能需求
 
 提交功能需求前，请再次确认您已经查看了[你需要了解的](#before-submitting-an-issue)内容，避免提交重复的 Issue。确定相关仓库后，创建 Issue 并按照[模板](../../.github/ISSUE_TEMPLATE.md)尽可能的详细填写相关信息。
@@ -66,6 +79,7 @@
 * 提供功能需求的样例，如图像文件、在线演示网址等等。
 
 <a name="submitting-a-pull-request"></a>
+
 ### 提交合并请求
 
 提交合并请求前，请再次确认您已经查看了[你需要了解的](#before-submitting-an-issue)内容，避免提交重复的合并请求。确定相关仓库后，创建合并请求。更多详细操作过程可以查看[帮助文档](https://help.github.com/articles/creating-a-pull-request/)。
@@ -96,6 +110,7 @@
 * 合并请求需要在所有主题样式中测试通过，并提供所表现功能的样例，如图像文件、在线演示网址等等。
 
 <a name="creating-releases"></a>
+
 ### 发布版本
 
 版本发布是将项目发布给用户的一种很好的方式。
@@ -112,19 +127,23 @@
 6. 如果版本不稳定，请选择 **This is a pre-release**，以通知用户它尚未完全准备好。如果您准备公布您的版本，请点击 **Publish release**。否则，请单击 **Save draft** 以稍后处理。
 
 <a name="guides"></a>
+
 ## 规范
 
 <a name="coding-rules"></a>
+
 ### 行为规范
 
 为了保证本项目的顺利运作，所有参与人都需要遵守[行为规范](CODE_OF_CONDUCT.md)。
 
 <a name="coding-standards"></a>
+
 ### 编码规范
 
 未完待续。
 
 <a name="labels-rules"></a>
+
 ### 标签规范
 
 为了方便维护人员和用户能够快速找到他们想要查看的问题，我们使用“标签”功能对拉取请求和问题进行分类。
@@ -185,6 +204,8 @@ Pull requests 的标签：
 - `v6.x`: NexT v6.x 旧版相关的修复和优化类型 Pull request
 - `v7.x`: NexT v7.x 旧版相关的修复和优化类型 Pull request
 
+<a name="commit-messages-rules"></a>
+
 ### 提交信息规范
 
 我们对项目的 git 提交信息格式进行统一格式约定，每条提交信息由 `type`+`subject` 组成，这将提升项目日志的可读性。