This document outlines the security policy for the Enhanced SearXNG Web Search Tool, including which versions are currently supported with security updates and how to report a vulnerability.
We are committed to ensuring the security of our tool. Below is a table detailing which versions are currently receiving security updates. We encourage all users to use the latest stable version to ensure they have the latest security patches.
| File Name | Version | Supported |
|---|---|---|
| web_search_tool_v1.0.py | 1.0 | ✅ |
Note:
- ✅ Indicates that the version is actively supported with security updates.
- ❌ Indicates that the version is no longer supported. We recommend upgrading to a supported version as soon as possible.
The Enhanced SearXNG Web Search Tool does not currently include an automatic update mechanism. To update to the latest version:
- Check the repository for the latest version of
web_search_tool_v1.0.py - Copy the updated code
- Navigate to your OpenWebUI admin panel
- Go to Workspace → Tools
- Find the Enhanced SearXNG Web Search Tool
- Click Edit
- Replace the existing code with the updated version
- Save the changes
We recommend checking the repository regularly for security updates and new features.
The security of our tool is a top priority. We appreciate the community's efforts in identifying and reporting security vulnerabilities. If you believe you have found a security vulnerability in our tool, please report it to us as soon as possible.
To report a vulnerability, please open a security advisory in the GitHub repository or send an email to our security team at security.git@jfmd.us. Please do not report security vulnerabilities through public GitHub issues.
In your report, please include the following information:
- A descriptive title for the vulnerability.
- A detailed description of the vulnerability, including the steps to reproduce it.
- The version(s) of the tool affected.
- Any proof-of-concept code or exploits.
- Your name and contact information (optional).
After you submit a vulnerability report, you can expect the following:
- Confirmation: We will acknowledge receipt of your report within 48 hours.
- Triage: We will investigate the vulnerability and determine its severity and impact.
- Updates: We will provide you with regular updates on the status of your report, at least every 7 days.
- Resolution: If the vulnerability is accepted, we will work on a patch and schedule a release. We will notify you once the vulnerability has been resolved.
- Disclosure: We will publicly disclose the vulnerability after it has been patched, and we will credit you for your discovery unless you prefer to remain anonymous.
We appreciate your help in keeping our tool secure. All security reports will be treated with the utmost confidentiality.