Security Policy

Supported Versions

BentoML is currently under active development and releases a new version every 2-3 weeks. We always recommend users to move to a newer version when it became available, and we only provide security updates in the latest version.

If you are using an older version of BentoML and would like to receive security patches, let us know via BentoML Slack Channel or BentoML Discussions.

Reporting a Vulnerability

If you discover a potential security vulnerability, we kindly request that you refrain from sharing the information publicly and report it to us directly. Please send an email to [email protected] with the following details:

Description of the potential vulnerability.
Steps to reproduce the issue (if applicable).
Any relevant screenshots or logs.
Your contact information for further communication.

Alternatively, you can open a security advisory on GitHub.

Exceptions

The following reports are out of scope and will not be accepted as security vulnerabilities:

Reports about pickle-related vulnerabilities in the runner service or dependency service. We consider these scenarios to be purely theoretical and not a practical vulnerability in BentoML.

BentoML does not participate in Huntr.com's bug bounty program; we have no budget for bug bounties at this time nor do we plan to in the future.

Security Policy

Supported Versions

If you are using an older version of BentoML and would like to receive security patches, let us know via BentoML Slack Channel or BentoML Discussions.

Reporting a Vulnerability

Description of the potential vulnerability.
Steps to reproduce the issue (if applicable).
Any relevant screenshots or logs.
Your contact information for further communication.

Alternatively, you can open a security advisory on GitHub.

Exceptions

The following reports are out of scope and will not be accepted as security vulnerabilities:

Reports about pickle-related vulnerabilities in the runner service or dependency service. We consider these scenarios to be purely theoretical and not a practical vulnerability in BentoML.

BentoML does not participate in Huntr.com's bug bounty program; we have no budget for bug bounties at this time nor do we plan to in the future.

Security Policy

Security Policy

Supported Versions

Reporting a Vulnerability

Exceptions

Related Skills

<h1 align="center">

Frontend Typescript Linting.mdc

2. Apply Deepthink Protocol (reason about dependencies

Security Policy

Supported Versions

Reporting a Vulnerability

Exceptions