mirror of
https://github.com/farcasclaudiu/Flowise.git
synced 2026-06-22 09:01:09 +03:00
Henry Heng
7cc2c13694
* add gemini flash * add gemin flash to vertex * add gemin-1.5-flash-preview to vertex * add azure gpt 4o * add claude 3.5 sonnet * add mistral nemo * add groq llama3.1 * add gpt4o-mini to azure * o1 mini * add groq llama 3.2 * update anthropic models * add 3.5 haiku * update vertex embedding models * add azure o1 models * add o3 mini * add wolframalpha tool * Update pnpm-lock.yaml * add claude sonnet 3.7 to vertex and bedrock * Update pnpm-lock.yaml * update gemini * Update pnpm-lock.yaml * add opus 4.5 * Update CONTRIBUTING-ZH.md * Update compose.yaml
39 lines
1.8 KiB
Markdown
39 lines
1.8 KiB
Markdown
### Responsible Disclosure Policy
|
|
|
|
At Flowise, we prioritize security and continuously work to safeguard our systems. However, vulnerabilities can still exist. If you identify a security issue, please report it to us so we can address it promptly. Your cooperation helps us better protect our platform and users.
|
|
|
|
### Out of scope vulnerabilities
|
|
|
|
- Clickjacking on pages without sensitive actions
|
|
- CSRF on unauthenticated/logout/login pages
|
|
- Attacks requiring MITM (Man-in-the-Middle) or physical device access
|
|
- Social engineering attacks
|
|
- Activities that cause service disruption (DoS)
|
|
- Content spoofing and text injection without a valid attack vector
|
|
- Email spoofing
|
|
- Absence of DNSSEC, CAA, CSP headers
|
|
- Missing Secure or HTTP-only flag on non-sensitive cookies
|
|
- Deadlinks
|
|
- User enumeration
|
|
|
|
### Reporting Guidelines
|
|
|
|
- Submit your findings to https://github.com/FlowiseAI/Flowise/security
|
|
- Provide clear details to help us reproduce and fix the issue quickly.
|
|
|
|
### Disclosure Guidelines
|
|
|
|
- Do not publicly disclose vulnerabilities until we have assessed, resolved, and notified affected users.
|
|
- If you plan to present your research (e.g., at a conference or in a blog), share a draft with us at least **30 days in advance** for review.
|
|
- Avoid including:
|
|
- Data from any Flowise customer projects
|
|
- Flowise user/customer information
|
|
- Details about Flowise employees, contractors, or partners
|
|
|
|
### Response to Reports
|
|
|
|
- We will acknowledge your report within **5 business days** and provide an estimated resolution timeline.
|
|
- Your report will be kept **confidential**, and your details will not be shared without your consent.
|
|
|
|
We appreciate your efforts in helping us maintain a secure platform and look forward to working together to resolve any issues responsibly.
|