Skip to content

Security: smallrye/smallrye-llm

Security

SECURITY.md

Reporting of CVEs and Security Issues

The Smallrye LLM community takes security bugs very seriously

We aim to take immediate action to address serious security-related problems that involve our project.

Note that we will only fix such issues in the most recent minor release of Smallrye LLM.

Reporting of Security Issues

When reporting a security vulnerability it is important to not accidentally broadcast to the world that the issue exists, as this makes it easier for people to exploit it. The software industry uses the term embargo to describe the time a security issue is known internally until it is public knowledge.

Our preferred way of reporting security issues in Smallrye LLM is listed below.

Email the Smallrye LLM team

To report a security issue, please email [email protected] and/or [email protected]. A member of the Smallrye LLM team will open the required issues.

Other considerations

If you would like to work with us on a fix for the security vulnerability, please include your GitHub username in the above email, and we will provide you access to a temporary private fork where we can collaborate on a fix without it being disclosed publicly, including in your own publicly visible git repository.

Do not open a public issue, send a pull request, or disclose any information about the suspected vulnerability publicly, including in your own publicly visible git repository. If you discover any publicly disclosed security vulnerabilities, please notify us immediately through the emails listed in the section above.

There aren’t any published security advisories