forked from Mirror/ollama4j
Add CONTRIBUTING.md and SECURITY.md files
- Introduced a CONTRIBUTING.md file to guide contributors on setup, coding guidelines, and pull request processes.
- Added a SECURITY.md file outlining the security policy, reporting vulnerabilities, and responsible disclosure procedures.
39
SECURITY.md
Normal file
@@ -0,0 +1,39 @@
|
||||
## Security Policy
|
||||
|
||||
### Supported Versions
|
||||
|
||||
We aim to support the latest released version of `ollama4j` and the most recent minor version prior to it. Older versions may receive fixes on a best-effort basis.
|
||||
|
||||
### Reporting a Vulnerability
|
||||
|
||||
Please do not open public GitHub issues for security vulnerabilities.
|
||||
|
||||
Instead, email the maintainer at:
|
||||
|
||||
```
|
||||
koujalgi.amith@gmail.com
|
||||
```
|
||||
|
||||
Include as much detail as possible:
|
||||
|
||||
- A clear description of the issue and impact
|
||||
- Steps to reproduce or proof-of-concept
|
||||
- Affected version(s) and environment
|
||||
- Any suggested mitigations or patches
|
||||
|
||||
You should receive an acknowledgement within 72 hours. We will work with you to validate the issue, determine severity, and prepare a fix.
|
||||
|
||||
### Disclosure
|
||||
|
||||
We follow a responsible disclosure process:
|
||||
|
||||
1. Receive and validate report privately.
|
||||
2. Develop and test a fix.
|
||||
3. Coordinate a release that includes the fix.
|
||||
4. Publicly credit the reporter (if desired) in release notes.
|
||||
|
||||
### GPG Signatures
|
||||
|
||||
Releases may be signed as part of our CI pipeline. If verification fails or you have concerns about release integrity, please contact us via the email above.
|
||||
|
||||
|
||||
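Review bot: The "GPG Signatures" section at the end of the file says releases "may be signed" but gives no signing key fingerprint, no place to obtain the public key, and no verification steps, so a reader cannot tell whether a given release is expected to carry a signature or what a valid one looks like. Please state which artifacts are signed, publish the key fingerprint in this file, and describe the verification step. Separately, under "Reporting a Vulnerability" the only channel is a plain email address; consider adding an encrypted option (a PGP key for that address, or the hosting platform's private vulnerability reporting) so that proof-of-concept details are not sent in cleartext. The "Disclosure" list also has no target timeline after the 72-hour acknowledgement, which reporters usually look for.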