Commit Graph
43 Commits
Author SHA1 Message Date
c31694af09 chore: Update SECURITY.md (#25773)
* Update SECURITY.md

* Update SECURITY.md

* Update SECURITY.md

* Update SECURITY.md

* Update SECURITY.md

* Update SECURITY.md

* Update SECURITY.md

* Update SECURITY.md

* Extend the already-fixed/monitoring rule to public PRs and credit

Broaden the rule from "already fixed" to also cover issues already being fixed in
the open (e.g. an open pull request), extend the commit-monitoring pattern to PRs,
and fold in the credit consequence on provable grounds rather than an unprovable
bad-faith claim: a report of an already-public, already-fixed-or-being-fixed issue
filed strictly last is a duplicate we cannot distinguish from scraping, so it earns
no advisory. Credit belongs to whoever found or fixed it, who forfeits it by
disclosing publicly instead of reporting confidentially first — so a public fix
earns no advisory and no credit for anyone.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* Remove Rule 14 (One Vulnerability Per Report)

The one-CVE-per-vulnerability constraint it restated is a CVE Program counting
rule, already binding through the "Alignment with the CVE Program" section.
Dropping the standalone rule removes the duplication; bundled reports are still
split on that basis when they arise.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* security policy: surface "What a Valid Report Gets You" near the top, refresh date

Move the "What a Valid Report Gets You" section up to directly under the good-faith
reporting section (it leads with what reporters receive, rather than burying it
below the rules), and update the last-updated date.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* Update SECURITY.md

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 02:11:17 -05:00
Classic298andGitHub 6360af36d8 Update SECURITY.md (#24726) 2026-05-15 09:30:48 +09:00
Timothy Jaeryang Baek 3ab7b777b1 refac 2026-05-09 05:15:12 +09:00
Classic298andGitHub 1f977d072e chore: Update SECURITY.md (#24363)
* Update SECURITY.md

* Update SECURITY.md
2026-05-09 01:19:30 +09:00
Classic298andGitHub 4e6a7baab7 Merge pull request #24356 from Classic298/patch-1
doc/chore: Update SECURITY.md
2026-05-05 03:45:57 +09:00
Timothy Jaeryang Baek 4023f6722b refac 2026-04-17 13:16:56 +09:00
Classic298andGitHub c81b3ef9ce sec (#22897) 2026-03-20 15:47:50 -05:00
Timothy Jaeryang Baek 7611762e04 doc: sec 2026-03-15 17:16:18 -05:00
Timothy Jaeryang Baek 636ab99ad8 feat: experimental open terminal integration 2026-02-25 15:15:53 -06:00
Classic298andGitHub e3f21d6c3b Update SECURITY.md (#21859) 2026-02-25 12:55:20 -06:00
Timothy Jaeryang Baek 49d57ae82b chore: format 2025-11-06 16:44:33 -05:00
Timothy Jaeryang Baek 0d0a37c884 chore: format 2025-11-06 16:39:07 -05:00
Timothy Jaeryang Baek 224e4c3a61 chore: format 2025-11-06 03:51:26 -05:00
Classic298andGitHub e4e2f8352c Revise SECURITY.md for improved clarity
Updated security reporting guidelines for clarity and structure.
2025-11-06 08:43:56 +01:00
Timothy Jaeryang Baek a70bc52c34 chore: format 2025-10-26 19:33:39 -07:00
Classic298andGitHub ab07bab140 Clarify PR guidelines for translation contributions
Emphasize the importance of standalone PRs for translation updates.
2025-10-18 11:11:51 +02:00
Classic298andGitHub a483d41de2 Patch 1 (#22) 2025-10-17 11:32:17 +02:00
Timothy Jaeryang Baek fd0e9652a8 chore: format 2025-10-16 11:36:26 -05:00
Classic298andGitHub e41836f8bd Update SECURITY.md 2025-10-12 17:24:38 +02:00
Classic298andGitHub 0417a456c3 Update SECURITY.md 2025-10-12 17:23:23 +02:00
Classic298andGitHub 3fc29b292c chore: expand SECURITY.MD once again 2025-10-12 17:08:13 +02:00
Classic298andGitHub 8ca4596918 Update SECURITY.md 2025-10-09 09:03:36 +02:00
omahsandGitHub 863f227be9 fix: typos 2025-05-05 14:14:59 +02:00
Allen Webb 76f99d193f docs/apache.md: Add websocket proxy
After 0.5 websocket support is required so update the proxy instructions
to include websockets.

Issue #8074#issuecomment-2562017399
2025-01-08 10:13:00 -06:00
Yuta Hayashibe 12516c8a45 fix: Fix typos 2024-10-14 16:22:07 +09:00
Timothy Jaeryang BaekandGitHub ec99ac7121 Update SECURITY.md 2024-08-19 09:18:40 -05:00
Timothy J. Baek 7ef5aa520c chore: format 2024-08-13 11:12:35 +01:00
Timothy J. Baek 40ecc2563a chore: format 2024-08-07 14:51:07 +02:00
Justin HayesandGitHub 35115957d8 Update SECURITY.md 2024-08-06 15:08:37 -04:00
Justin HayesandGitHub b193eb1d82 Update SECURITY.md 2024-08-06 14:57:07 -04:00
Bartowski 25ee5f6cb0 Update CONTRIBUTING.md
Update step one to be opening a discussion rather than an issue
2024-06-05 16:24:24 -04:00
Justin HayesandGitHub 0586d76b5d Add line re: keeping PRs open 2024-06-03 16:26:30 -04:00
EthanandGitHub 4fa8d2aa5a Fixed link/formatting 2024-05-12 01:33:49 +00:00
Jannik Streidl dbdc602791 added simplified + traditional chinese, updates uk keys, changed standart language code format to xx-XX 2024-03-14 12:10:04 +01:00
Ased Mammad b76eb46d86 docs: Update contributing.md 2024-03-07 13:20:00 +03:30
Ased Mammad df8aeb39c6 docs: Add translations section to contributing.md 2024-03-05 18:17:52 +03:30
Timothy J. Baek 90bcd1644a rename to open-webui 2024-02-16 23:30:38 -08:00
Justin HayesandGitHub 886e78d6fc Move to docs 2024-02-15 13:28:00 -05:00
Arthur25 ee1c37f70e Replaced old .ai TLD with new .com TLD 2024-02-14 23:17:45 +01:00
Doug WinzellandGitHub ca188b14ab Rename SECURITY.md to docs/SECURITY.md
Moved Security.md to /docs Will still show up on the GH security tab.
2024-01-25 07:54:18 -08:00
Oliver Bob Reyes Lagumen 8e0552f735 Idiot-Proof level HTTPS doc for apache 2024-01-17 20:30:52 +08:00
Anuraag Jain 8cd6eaf1bc docs: minor changes 2023-12-31 09:28:39 +02:00
Anuraag Jain 8f21de9c7c docs: add api workflow
- helps in development to understand what's happening under the hood
2023-12-30 14:20:34 +02:00