
Security: anima-kit/ollama-docker

SECURITY.md

Security Policy

Reporting Security Issues

Security vulnerabilities should be reported privately through GitHub's Private Vulnerability Reporting feature.

To report a security issue:

  1. Go to the Security tab in this repository
  2. Click "Report a vulnerability"
  3. Fill out the vulnerability report form with details about the issue

You can also navigate directly to GitHub's Private Vulnerability Reporting.

Why Private Reporting?

  • Protects other users: Vulnerabilities are fixed before they can be exploited
  • Responsible disclosure: Gives the maintainer time to investigate and patch
  • Confidentiality: Your report remains private until patched

Collaboration Process

When you report a security issue:

  1. I'll acknowledge receipt and confirm understanding of the problem
  2. We'll work together (if desired) to develop and test a fix
  3. The fix will be implemented and verified
  4. A security advisory will be published with details and credit

What You Can Expect

  • Acknowledgment: I'll try to acknowledge your report within 1-2 weeks
  • Collaborative fixing: I'll work with you (if desired) to understand and resolve the issue
  • Regular updates: I'll keep you informed of progress (if desired)
  • Public disclosure: Once fixed, I'll publicly document the vulnerability and solution
  • Credit: I'll give appropriate credit for responsible disclosure (unless you prefer to remain anonymous)

Responsible Disclosure

I believe in responsible disclosure:

  • Reporting vulnerabilities privately first
  • Allowing time for a fix before public disclosure
  • Providing clear information about the vulnerability and how it's fixed
  • Respecting the time and effort of security researchers

Your Role

When reporting, please include:

  • Clear reproduction steps
  • Impact assessment
  • Any potential workarounds
  • Your contact information (optional)

Response Time

I'll make reasonable efforts to acknowledge and address security reports within 1-2 weeks of receipt.

Disclaimer

This is a personal project maintained by a non-security expert. I provide this code "as-is" without warranties of any kind. While I'm committed to maintaining secure code, I can't guarantee that vulnerabilities won't exist.

What I'm Not Responsible For

This project is provided without warranty. I'm not liable for any damages arising from use of this code, including but not limited to data loss, system compromise, or other security incidents.

Contact

Security issues should be reported through GitHub's Private Vulnerability Reporting feature.
