Currently, only the latest version of Open WebUI Tools is supported with security updates. We encourage users to regularly update their tools and functions to the latest configurations provided in the main repository.
We take the security of Open WebUI Tools seriously. If you discover a security vulnerability within this project, please report it privately.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please send an email to: haervwe@gmail.com
Please include the following information in your report:
- Type of issue (e.g., cross-site scripting, arbitrary file read, host header injection, etc.)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (commit hash or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof of concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit the issue
You can expect an acknowledgment of your report within 48 hours. I will triage the vulnerability and coordinate the fix and disclosure process with you.
As a note: this project doesn't currently have a formal bug bounty program since it's a solo developer / hobbyist endeavor, but I am happy to credit you in the repository for any confirmed findings.
Thank you for helping make Open WebUI Tools more secure!