Compare commits
42 Commits
main
...
chore/Mode
| Author | SHA1 | Date |
|---|---|---|
Henry Heng
|
a18de85475 | |
|
Henry Heng
|
a6774daddb | |
Henry
|
3e18192bd7 | |
|
Henry Heng
|
d67331e690 | |
|
Henry
|
9b9798b451 | |
|
Henry
|
0c8b6d586a | |
|
Henry
|
d2a77f9c0f | |
|
Henry
|
0eed9f8a2e | |
|
Henry Heng
|
cd8a102ee4 | |
|
Henry
|
e18c034807 | |
|
Henry
|
72974af1fd | |
|
Henry
|
93f298d3d4 | |
|
Henry
|
1a61446109 | |
|
Henry Heng
|
9950c358ac | |
|
Henry
|
eee7d2c3f6 | |
|
Henry
|
bcb24fb4b0 | |
|
Henry
|
cf88b79927 | |
|
Henry
|
fdf84811ac | |
|
Henry
|
eb77c48487 | |
|
Henry
|
c379a582f8 | |
|
Henry
|
1d8224083a | |
|
Henry
|
703acdc83a | |
|
Henry
|
8dcddc1c29 | |
|
Henry
|
006a9a2b33 | |
|
Henry
|
d94726432f | |
|
Henry
|
822f36425f | |
|
Henry
|
632825ef86 | |
|
Henry
|
5576207bbf | |
|
Henry
|
9fa7b13868 | |
|
Henry
|
b2bfe80644 | |
|
Henry
|
b8e92347ad | |
|
Henry
|
18b5de30c7 | |
|
Henry
|
ef480c91fc | |
|
Henry
|
1edf59e3cd | |
|
Henry
|
6e82ce8468 | |
|
Henry
|
3185d652fe | |
|
Henry
|
07fef8cb78 | |
|
Henry
|
7efdac900f | |
|
Henry
|
7ef7792dc3 | |
|
Henry
|
740f986b9f | |
|
Henry
|
73ad444e6c | |
|
Henry
|
a98a8ca77c |
42
SECURITY.md
42
SECURITY.md
|
|
@ -4,35 +4,35 @@ At Flowise, we prioritize security and continuously work to safeguard our system
|
|||
|
||||
### Out of scope vulnerabilities
|
||||
|
||||
- Clickjacking on pages without sensitive actions
|
||||
- CSRF on unauthenticated/logout/login pages
|
||||
- Attacks requiring MITM (Man-in-the-Middle) or physical device access
|
||||
- Social engineering attacks
|
||||
- Activities that cause service disruption (DoS)
|
||||
- Content spoofing and text injection without a valid attack vector
|
||||
- Email spoofing
|
||||
- Absence of DNSSEC, CAA, CSP headers
|
||||
- Missing Secure or HTTP-only flag on non-sensitive cookies
|
||||
- Deadlinks
|
||||
- User enumeration
|
||||
- Clickjacking on pages without sensitive actions
|
||||
- CSRF on unauthenticated/logout/login pages
|
||||
- Attacks requiring MITM (Man-in-the-Middle) or physical device access
|
||||
- Social engineering attacks
|
||||
- Activities that cause service disruption (DoS)
|
||||
- Content spoofing and text injection without a valid attack vector
|
||||
- Email spoofing
|
||||
- Absence of DNSSEC, CAA, CSP headers
|
||||
- Missing Secure or HTTP-only flag on non-sensitive cookies
|
||||
- Deadlinks
|
||||
- User enumeration
|
||||
|
||||
### Reporting Guidelines
|
||||
|
||||
- Submit your findings to https://github.com/FlowiseAI/Flowise/security
|
||||
- Provide clear details to help us reproduce and fix the issue quickly.
|
||||
- Submit your findings to https://github.com/FlowiseAI/Flowise/security
|
||||
- Provide clear details to help us reproduce and fix the issue quickly.
|
||||
|
||||
### Disclosure Guidelines
|
||||
|
||||
- Do not publicly disclose vulnerabilities until we have assessed, resolved, and notified affected users.
|
||||
- If you plan to present your research (e.g., at a conference or in a blog), share a draft with us at least **30 days in advance** for review.
|
||||
- Avoid including:
|
||||
- Data from any Flowise customer projects
|
||||
- Flowise user/customer information
|
||||
- Details about Flowise employees, contractors, or partners
|
||||
- Do not publicly disclose vulnerabilities until we have assessed, resolved, and notified affected users.
|
||||
- If you plan to present your research (e.g., at a conference or in a blog), share a draft with us at least **30 days in advance** for review.
|
||||
- Avoid including:
|
||||
- Data from any Flowise customer projects
|
||||
- Flowise user/customer information
|
||||
- Details about Flowise employees, contractors, or partners
|
||||
|
||||
### Response to Reports
|
||||
|
||||
- We will acknowledge your report within **5 business days** and provide an estimated resolution timeline.
|
||||
- Your report will be kept **confidential**, and your details will not be shared without your consent.
|
||||
- We will acknowledge your report within **5 business days** and provide an estimated resolution timeline.
|
||||
- Your report will be kept **confidential**, and your details will not be shared without your consent.
|
||||
|
||||
We appreciate your efforts in helping us maintain a secure platform and look forward to working together to resolve any issues responsibly.
|
||||
|
|
|
|||
|
|
@ -3,6 +3,13 @@
|
|||
{
|
||||
"name": "awsChatBedrock",
|
||||
"models": [
|
||||
{
|
||||
"label": "anthropic.claude-opus-4-5-20251101-v1:0",
|
||||
"name": "anthropic.claude-opus-4-5-20251101-v1:0",
|
||||
"description": "Claude 4.5 Opus",
|
||||
"input_cost": 0.000005,
|
||||
"output_cost": 0.000025
|
||||
},
|
||||
{
|
||||
"label": "anthropic.claude-sonnet-4-5-20250929-v1:0",
|
||||
"name": "anthropic.claude-sonnet-4-5-20250929-v1:0",
|
||||
|
|
@ -505,6 +512,13 @@
|
|||
{
|
||||
"name": "chatAnthropic",
|
||||
"models": [
|
||||
{
|
||||
"label": "claude-opus-4-5",
|
||||
"name": "claude-opus-4-5",
|
||||
"description": "Claude 4.5 Opus",
|
||||
"input_cost": 0.000005,
|
||||
"output_cost": 0.000025
|
||||
},
|
||||
{
|
||||
"label": "claude-sonnet-4-5",
|
||||
"name": "claude-sonnet-4-5",
|
||||
|
|
@ -769,6 +783,13 @@
|
|||
"input_cost": 1.25e-7,
|
||||
"output_cost": 3.75e-7
|
||||
},
|
||||
{
|
||||
"label": "claude-opus-4-5@20251101",
|
||||
"name": "claude-opus-4-5@20251101",
|
||||
"description": "Claude 4.5 Opus",
|
||||
"input_cost": 0.000005,
|
||||
"output_cost": 0.000025
|
||||
},
|
||||
{
|
||||
"label": "claude-sonnet-4-5@20250929",
|
||||
"name": "claude-sonnet-4-5@20250929",
|
||||
|
|
|
|||
Loading…
Reference in New Issue