From: Xuan-Son Nguyen <redacted>
Date: Sun, 11 Jan 2026 15:51:03 +0000 (+0100)
Subject: security: make it clear about subtopics in server (#18754)
X-Git-Tag: upstream/0.0.7721~15
X-Git-Url: https://git.djapps.eu/?a=commitdiff_plain;h=4b060bf240daaeb4fc83386a628b9dfedeb33342;p=pkg%2Fggml%2Fsources%2Fllama.cpp

security: make it clear about subtopics in server (#18754)

* security: make it clear about subtopics in server

* exclude DoS
---

diff --git a/SECURITY.md b/SECURITY.md
index dd3a78d2..9a937323 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -38,7 +38,11 @@ Only vulnerabilities that fall within these parts of the project are considered
 - `src/**/*`
 - `ggml/**/*`
 - `gguf-py/**/*`
-- `tools/server/*` (note: Web UI is not covered)
+- `tools/server/*`, **excluding** the following topics:
+    - Web UI
+    - Features marked as experimental
+    - Features not recommended for use in untrusted environments (e.g., router, MCP)
+    - Bugs that can lead to Denial-of-Service attack
 
 Note that none of the topics under [Using llama.cpp securely](#using-llamacpp-securely) are considered vulnerabilities in LLaMA C++.