Add contact information to security policy

Open p- opened this issue 1 year ago • 1 comments

Hey 👋

I would like to report potential vulnerabilities in RAGFlow. But the current security policy is missing a security contact (e.g. email address). - So it doesn't seem possible to report vulnerabilities in private.

Instead of providing a security contact you can also enable private vulnerability reporting: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository for your repositories.

Thanks

Oct 16 '24 06:10 p-

Appreciate! Private vulnerability reporting is enabled.

Oct 17 '24 01:10 KevinHuSh

Thanks!

Oct 17 '24 13:10 p-