If you discover a security vulnerability in RamaLama, please report it through GitHub's Security Advisory system. This allows us to coordinate a fix and disclosure process that protects users.
Please DO NOT report the issue publicly via the GitHub issue tracker, mailing list, or IRC. Please do not create a public issue.
- Go to our security advisory page to privately report the vulnerability.
- Provide detailed information about the vulnerability, including:
- Description of the issue
- Steps to reproduce
- Potential impact
- Suggested fix (if available)
Your report will be reviewed by the maintainers, and we will work with you to understand and address the issue promptly.
- Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours
- Updates: We will keep you informed about our progress in addressing the vulnerability
- Credit: We will credit you for the discovery when we publish the fix (unless you prefer to remain anonymous)
Thank you for helping keep RamaLama and its users secure!