mirror of
https://github.com/amithkoujalgi/ollama4j.git
synced 2025-11-04 10:30:41 +01:00
bb1adacc7f
- Introduced a CONTRIBUTING.md file to guide contributors on setup, coding guidelines, and pull request processes. - Added a SECURITY.md file outlining the security policy, reporting vulnerabilities, and responsible disclosure procedures.
40 lines
1.1 KiB
Markdown
40 lines
1.1 KiB
Markdown
## Security Policy
|
|
|
|
### Supported Versions
|
|
|
|
We aim to support the latest released version of `ollama4j` and the most recent minor version prior to it. Older versions may receive fixes on a best-effort basis.
|
|
|
|
### Reporting a Vulnerability
|
|
|
|
Please do not open public GitHub issues for security vulnerabilities.
|
|
|
|
Instead, email the maintainer at:
|
|
|
|
```
|
|
koujalgi.amith@gmail.com
|
|
```
|
|
|
|
Include as much detail as possible:
|
|
|
|
- A clear description of the issue and impact
|
|
- Steps to reproduce or proof-of-concept
|
|
- Affected version(s) and environment
|
|
- Any suggested mitigations or patches
|
|
|
|
You should receive an acknowledgement within 72 hours. We will work with you to validate the issue, determine severity, and prepare a fix.
|
|
|
|
### Disclosure
|
|
|
|
We follow a responsible disclosure process:
|
|
|
|
1. Receive and validate report privately.
|
|
2. Develop and test a fix.
|
|
3. Coordinate a release that includes the fix.
|
|
4. Publicly credit the reporter (if desired) in release notes.
|
|
|
|
### GPG Signatures
|
|
|
|
Releases may be signed as part of our CI pipeline. If verification fails or you have concerns about release integrity, please contact us via the email above.
|
|
|
|
|