From c0f2f1b2ecb7f09677f06680a4e392aa167ba5fa Mon Sep 17 00:00:00 2001 From: Xuan Son Nguyen Date: Sun, 11 Jan 2026 12:30:39 +0100 Subject: [PATCH 1/2] security: make it clear about subtopics in server --- SECURITY.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index dd3a78d2909..3d2bbe6ebe8 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -38,7 +38,10 @@ Only vulnerabilities that fall within these parts of the project are considered - `src/**/*` - `ggml/**/*` - `gguf-py/**/*` -- `tools/server/*` (note: Web UI is not covered) +- `tools/server/*`, excluding the following topics: + - Web UI + - Features marked as experimental + - Features not recommended for use in untrusted environments (e.g., router, MCP) Note that none of the topics under [Using llama.cpp securely](#using-llamacpp-securely) are considered vulnerabilities in LLaMA C++. From 6c9c99c8fb5b337f153e1b91f75659f82b1ff17a Mon Sep 17 00:00:00 2001 From: Xuan Son Nguyen Date: Sun, 11 Jan 2026 12:36:51 +0100 Subject: [PATCH 2/2] exclude DoS --- SECURITY.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 3d2bbe6ebe8..9a937323181 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -38,10 +38,11 @@ Only vulnerabilities that fall within these parts of the project are considered - `src/**/*` - `ggml/**/*` - `gguf-py/**/*` -- `tools/server/*`, excluding the following topics: +- `tools/server/*`, **excluding** the following topics: - Web UI - Features marked as experimental - Features not recommended for use in untrusted environments (e.g., router, MCP) + - Bugs that can lead to Denial-of-Service attack Note that none of the topics under [Using llama.cpp securely](#using-llamacpp-securely) are considered vulnerabilities in LLaMA C++.
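Review bot: In PATCH 1/2, the two new sub-bullets under `tools/server/*` ("Features marked as experimental" and "Features not recommended for use in untrusted environments (e.g., router, MCP)") leave the scope open-ended, because the "e.g." makes the list non-exhaustive and the file does not say where a feature is marked experimental or not recommended. A reporter reading only SECURITY.md cannot tell whether a given server feature is covered. Consider either listing the excluded features exhaustively or pointing to the place in the server documentation where those markings are made, so that the exclusion can be checked against a single source.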
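Review bot: In PATCH 2/2, the added bullet "Bugs that can lead to Denial-of-Service attack" is worded broadly enough to exclude any bug that can also crash or stall the server, including one whose impact goes beyond availability. If the intent is to exclude availability-only issues, say so, for example "Bugs whose only impact is denial of service". The bullet is also nested under `tools/server/*`, so as written it does not apply to `src/**/*`, `ggml/**/*` or `gguf-py/**/*`; if the exclusion is meant project-wide it should move out of the sub-list. Minor: the phrase needs an article or a plural ("a denial-of-service attack" or "denial-of-service attacks"), and the switch to bold `**excluding**` on the parent bullet is not mentioned in the commit subject "exclude DoS".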