Security Policy

Question

Security Policy

jackfromeast opened this issue 11 days ago · 3 comments

jackfromeast commented 11 days ago

Is there an existing issue for this?

I have searched the existing issues

Contact Details

No response

What should this feature add?

Hi, InvokeAI maintainers!

We have found a critical vulnerability in InvokeAI. Could you set up a security policy for this repository to support responsible reporting of security issues?

Instructions can be found at: https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository

Thank you!

Alternatives

No response

Additional Content

No response

Answer 1 · 2024-11-23T08:35:01.000Z

I'm not invoke staff, but I'm pretty keen to learn more about this. Are you able to share the gist (without revealing full exploit details obviously) or -> invoke@ausbit.dev

Answer 2 · 2024-11-23T15:54:48.000Z

https://github.com/invoke-ai/InvokeAI/pull/7376/files <-- security@invoke.ai

Answer 3 · 2024-11-25T16:39:28.000Z

Thanks @ausbitbank and @hipsterusername for setting up the security policy!

I just sent my email and hope you guys can find time to review it.