44 Commits

Author SHA1 Message Date
Timothy Jaeryang Baek
f9c3ccd869 refac 2026-06-29 10:04:29 -05:00
Classic298
c31694af09 chore: Update SECURITY.md (#25773)
* Update SECURITY.md

* Update SECURITY.md

* Update SECURITY.md

* Update SECURITY.md

* Update SECURITY.md

* Update SECURITY.md

* Update SECURITY.md

* Update SECURITY.md

* Extend the already-fixed/monitoring rule to public PRs and credit

Broaden the rule from "already fixed" to also cover issues already being fixed in
the open (e.g. an open pull request), extend the commit-monitoring pattern to PRs,
and fold in the credit consequence on provable grounds rather than an unprovable
bad-faith claim: a report of an already-public, already-fixed-or-being-fixed issue
filed strictly last is a duplicate we cannot distinguish from scraping, so it earns
no advisory. Credit belongs to whoever found or fixed it, who forfeits it by
disclosing publicly instead of reporting confidentially first — so a public fix
earns no advisory and no credit for anyone.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* Remove Rule 14 (One Vulnerability Per Report)

The one-CVE-per-vulnerability constraint it restated is a CVE Program counting
rule, already binding through the "Alignment with the CVE Program" section.
Dropping the standalone rule removes the duplication; bundled reports are still
split on that basis when they arise.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* security policy: surface "What a Valid Report Gets You" near the top, refresh date

Move the "What a Valid Report Gets You" section up to directly under the good-faith
reporting section (it leads with what reporters receive, rather than burying it
below the rules), and update the last-updated date.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* Update SECURITY.md

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 02:11:17 -05:00
Classic298
6360af36d8 Update SECURITY.md (#24726) 2026-05-15 09:30:48 +09:00
Timothy Jaeryang Baek
3ab7b777b1 refac 2026-05-09 05:15:12 +09:00
Classic298
1f977d072e chore: Update SECURITY.md (#24363)
* Update SECURITY.md

* Update SECURITY.md
2026-05-09 01:19:30 +09:00
Classic298
4e6a7baab7 Merge pull request #24356 from Classic298/patch-1
doc/chore: Update SECURITY.md
2026-05-05 03:45:57 +09:00
Timothy Jaeryang Baek
4023f6722b refac 2026-04-17 13:16:56 +09:00
Classic298
c81b3ef9ce sec (#22897) 2026-03-20 15:47:50 -05:00
Timothy Jaeryang Baek
7611762e04 doc: sec 2026-03-15 17:16:18 -05:00
Timothy Jaeryang Baek
636ab99ad8 feat: experimental open terminal integration 2026-02-25 15:15:53 -06:00
Classic298
e3f21d6c3b Update SECURITY.md (#21859) 2026-02-25 12:55:20 -06:00
Timothy Jaeryang Baek
49d57ae82b chore: format 2025-11-06 16:44:33 -05:00
Timothy Jaeryang Baek
0d0a37c884 chore: format 2025-11-06 16:39:07 -05:00
Timothy Jaeryang Baek
224e4c3a61 chore: format 2025-11-06 03:51:26 -05:00
Classic298
e4e2f8352c Revise SECURITY.md for improved clarity
Updated security reporting guidelines for clarity and structure.
2025-11-06 08:43:56 +01:00
Timothy Jaeryang Baek
a70bc52c34 chore: format 2025-10-26 19:33:39 -07:00
Classic298
ab07bab140 Clarify PR guidelines for translation contributions
Emphasize the importance of standalone PRs for translation updates.
2025-10-18 11:11:51 +02:00
Classic298
a483d41de2 Patch 1 (#22) 2025-10-17 11:32:17 +02:00
Timothy Jaeryang Baek
fd0e9652a8 chore: format 2025-10-16 11:36:26 -05:00
Classic298
e41836f8bd Update SECURITY.md 2025-10-12 17:24:38 +02:00
Classic298
0417a456c3 Update SECURITY.md 2025-10-12 17:23:23 +02:00
Classic298
3fc29b292c chore: expand SECURITY.MD once again 2025-10-12 17:08:13 +02:00
Classic298
8ca4596918 Update SECURITY.md 2025-10-09 09:03:36 +02:00
omahs
863f227be9 fix: typos 2025-05-05 14:14:59 +02:00
Allen Webb
76f99d193f docs/apache.md: Add websocket proxy
After 0.5 websocket support is required so update the proxy instructions
to include websockets.

Issue #8074#issuecomment-2562017399
2025-01-08 10:13:00 -06:00
Yuta Hayashibe
12516c8a45 fix: Fix typos 2024-10-14 16:22:07 +09:00
Timothy Jaeryang Baek
ec99ac7121 Update SECURITY.md 2024-08-19 09:18:40 -05:00
Timothy J. Baek
7ef5aa520c chore: format 2024-08-13 11:12:35 +01:00
Timothy J. Baek
40ecc2563a chore: format 2024-08-07 14:51:07 +02:00
Justin Hayes
35115957d8 Update SECURITY.md 2024-08-06 15:08:37 -04:00
Justin Hayes
b193eb1d82 Update SECURITY.md 2024-08-06 14:57:07 -04:00
Bartowski
25ee5f6cb0 Update CONTRIBUTING.md
Update step one to be opening a discussion rather than an issue
2024-06-05 16:24:24 -04:00
Justin Hayes
0586d76b5d Add line re: keeping PRs open 2024-06-03 16:26:30 -04:00
Ethan
4fa8d2aa5a Fixed link/formatting 2024-05-12 01:33:49 +00:00
Jannik Streidl
dbdc602791 added simplified + traditional chinese, updates uk keys, changed standart language code format to xx-XX 2024-03-14 12:10:04 +01:00
Ased Mammad
b76eb46d86 docs: Update contributing.md 2024-03-07 13:20:00 +03:30
Ased Mammad
df8aeb39c6 docs: Add translations section to contributing.md 2024-03-05 18:17:52 +03:30
Timothy J. Baek
90bcd1644a rename to open-webui 2024-02-16 23:30:38 -08:00
Justin Hayes
886e78d6fc Move to docs 2024-02-15 13:28:00 -05:00
Arthur25
ee1c37f70e Replaced old .ai TLD with new .com TLD 2024-02-14 23:17:45 +01:00
Doug Winzell
ca188b14ab Rename SECURITY.md to docs/SECURITY.md
Moved Security.md to /docs Will still show up on the GH security tab.
2024-01-25 07:54:18 -08:00
Oliver Bob Reyes Lagumen
8e0552f735 Idiot-Proof level HTTPS doc for apache 2024-01-17 20:30:52 +08:00
Anuraag Jain
8cd6eaf1bc docs: minor changes 2023-12-31 09:28:39 +02:00
Anuraag Jain
8f21de9c7c docs: add api workflow
- helps in development to understand what's happening under the hood
2023-12-30 14:20:34 +02:00