From b4e5e2f45cd5ad4be8a0c2c3bd5a2f31cfd5dc87 Mon Sep 17 00:00:00 2001 From: Louis Lam Date: Fri, 13 Feb 2026 21:25:13 +0800 Subject: [PATCH] chore: Update security policy and reporting guidelines (#6925) --- SECURITY.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index 633234e92..f25348af0 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,5 +1,9 @@ # Security Policy +>[!CAUTION] +> Unfortunately, AI slop reports keep wasting my time. It will be closed and you will get banned immediately if you try to do that. + + ## Reporting a Vulnerability 1. Please report security issues to @@ -11,6 +15,7 @@ - Do not report any upstream dependency issues / scan result by any tools. It will be closed immediately without explanations. Unless you have PoC to prove that the upstream issue affected Uptime Kuma. - Do not use the public issue tracker or discuss it in public as it will cause more damage. +- Do not report any SSRF issues. ## Do you accept other 3rd-party bug bounty platforms?