eliott/ort
1
0
Fork 0
mirror of https://github.com/pykeio/ort synced 2026-04-25 16:34:55 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5eb59f2ff5a597e0666b2d0cb8a901ffe54742e
ort/SECURITY.md
Carson M. 2e9b1afba4 docs: add CONTRIBUTING & SECURITY
2025-11-16 23:30:45 -06:00

12 lines
1.0 KiB
Markdown
Raw Blame History

# Reporting security concerns
Security concerns should be reported to [contact@pyke.io](mailto:contact@pyke.io?subject=ort%20vulnerability%20disclosure). **Do not report vulnerabilities in GitHub issues** or any other public forum (GitHub Discussions, Discord).
When making a report, ensure that the issue is actionable by `ort` or one of its alternative backends - `ort-candle`, `ort-tract`, and `ort-web`. For example: a buffer overflow caused by a bad session input name *is* actionable; an RCE caused by a maliciously crafted `.onnx` file *is not* actionable (as `ort` itself does not handle model loading), and we suggest you report the issue to the underlying runtime instead.
For issues affecting ONNX Runtime in general, see [Microsoft's security disclosure information](https://github.com/microsoft/onnxruntime/blob/main/SECURITY.md).
## Maintained versions
1.x branches of `ort` are not maintained and will not receive security patches.
After version 2.0.0 is stable, all minor versions (2.x) will receive security patches.
Reference in New Issue View Git Blame Copy Permalink