Commit 02a5701

security : disable private disclosures (ggml-org#23963)
1 parent 48b88c3 commit 02a5701

1 file changed

Lines changed: 5 additions & 5 deletions

SECURITY.md

@@ -12,16 +12,16 @@
1212

1313
## Reporting a vulnerability
1414

15+
> [!IMPORTANT]
16+
> The private security disclosure program is disabled until further notice. Please submit patches with fixes directly to the repo as public PRs. Emails will be ignored.
17+
1518
If you have discovered a security vulnerability in this project that falls inside the [covered topics](#covered-topics), please report it privately. **Do not disclose it as a public issue.** This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released.
1619

1720
Please disclose it as a private [security advisory](https://github.com/ggml-org/llama.cpp/security/advisories/new).
1821

1922
A team of volunteers on a reasonable-effort basis maintains this project. As such, please give us at least 90 days to work on a fix before public exposure.
2023

21-
> [!IMPORTANT]
22-
> For collaborators: if you are interested in helping out with reviewing private security disclosures, please see: https://github.com/ggml-org/llama.cpp/discussions/18080
23-
24-
## Requirements
24+
### Requirements
2525

2626
Before submitting your report, ensure you meet the following requirements:
2727
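
Review bot: The unchanged paragraphs directly under the new notice now contradict it. They still tell reporters to "please report it privately" and "**Do not disclose it as a public issue.**", link to the private security advisory form, and ask for at least 90 days before public exposure, while the added callout says the private program is disabled and fixes should be submitted as public PRs. A reader who skips the callout will follow instructions that the callout says are no longer in effect. Suggest rewording or removing those three paragraphs in the same change, or marking them explicitly as suspended, and stating what a reporter who has found an issue but has no patch should do. The "Before submitting your report" wording under the demoted `### Requirements` heading has the same problem, since it is unclear which kind of report it now refers to.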

@@ -31,7 +31,7 @@ Before submitting your report, ensure you meet the following requirements:
3131

3232
Maintainers reserve the right to close the report if these requirements are not fulfilled.
3333

34-
## Covered Topics
34+
### Covered Topics
3535

3636
Only vulnerabilities that fall within these parts of the project are considered valid. For problems falling outside of this list, please report them as issues.
3737
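
Review bot: On the `## Covered Topics` to `### Covered Topics` change, the heading demotion is not mentioned in the commit message, and the context line below it still says only in-scope vulnerabilities "are considered valid" without saying what that means now that private reports are disabled. The `#covered-topics` link in the reporting paragraph keeps resolving because the heading text is unchanged, but the section should say where in-scope findings go (a public PR, per the new notice) alongside the existing "please report them as issues" guidance for out-of-scope problems.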
