From f83f44823c45021a6c2dc94a5f99824aca301ebb Mon Sep 17 00:00:00 2001 From: Anders Schwartz Date: Fri, 24 Jan 2025 18:13:13 -0500 Subject: [PATCH 1/4] fix: set docker architecture explicitly to ensure google-chrome is available to install --- docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose.yml b/docker-compose.yml index 864391b..ba0aa9c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,5 +1,6 @@ services: browser-use-webui: + platform: linux/amd64 build: context: . dockerfile: Dockerfile From 7d9f81a8c6805d4960ac19513df03d364e36e9e7 Mon Sep 17 00:00:00 2001 From: Anders Schwartz Date: Fri, 24 Jan 2025 20:31:24 -0500 Subject: [PATCH 2/4] add missing netcat for health check --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 0d635ac..da615a5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,6 +3,7 @@ FROM python:3.11-slim # Install system dependencies RUN apt-get update && apt-get install -y \ wget \ + netcat-traditional \ gnupg \ curl \ unzip \ From dd20dd4f8c5b544c6129f8a44a1c8c08e9793bfd Mon Sep 17 00:00:00 2001 From: 0x01 <33686367+bugdisclose@users.noreply.github.com> Date: Sun, 26 Jan 2025 04:08:12 +0530 Subject: [PATCH 3/4] Create SECURITY.md --- SECURITY.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..f6c3df8 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,19 @@ +## Reporting Security Issues + +If you believe you have found a security vulnerability in browser-use, please report it through coordinated disclosure. + +**Please do not report security vulnerabilities through the repository issues, discussions, or pull requests.** + +Instead, please open a new [Github security advisory](https://github.com/browser-use/web-ui/security/advisories/new). + +Please include as much of the information listed below as you can to help me better understand and resolve the issue: + +* The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting) +* Full paths of source file(s) related to the manifestation of the issue +* The location of the affected source code (tag/branch/commit or direct URL) +* Any special configuration required to reproduce the issue +* Step-by-step instructions to reproduce the issue +* Proof-of-concept or exploit code (if possible) +* Impact of the issue, including how an attacker might exploit the issue + +This information will help me triage your report more quickly. From be01aaf33671e1bb07de671af6c430979604e11f Mon Sep 17 00:00:00 2001 From: wraps Date: Sun, 26 Jan 2025 15:39:35 +0100 Subject: [PATCH 4/4] feat: add Ollama endpoint configuration - Added `OLLAMA_ENDPOINT` environment variable to `.env.example` - Updated `get_llm_model` function in `src/utils/utils.py` to use the new `OLLAMA_ENDPOINT` environment variable if not provided --- .env.example | 2 ++ src/utils/utils.py | 7 ++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/.env.example b/.env.example index 7b53b7a..fe2c67c 100644 --- a/.env.example +++ b/.env.example @@ -11,6 +11,8 @@ AZURE_OPENAI_API_KEY= DEEPSEEK_ENDPOINT=https://api.deepseek.com DEEPSEEK_API_KEY= +OLLAMA_ENDPOINT=http://localhost:11434 + # Set to false to disable anonymized telemetry ANONYMIZED_TELEMETRY=true diff --git a/src/utils/utils.py b/src/utils/utils.py index 18ce403..34ead04 100644 --- a/src/utils/utils.py +++ b/src/utils/utils.py @@ -89,11 +89,16 @@ def get_llm_model(provider: str, **kwargs): google_api_key=api_key, ) elif provider == "ollama": + if not kwargs.get("base_url", ""): + base_url = os.getenv("OLLAMA_ENDPOINT", "http://localhost:11434") + else: + base_url = kwargs.get("base_url") + return ChatOllama( model=kwargs.get("model_name", "qwen2.5:7b"), temperature=kwargs.get("temperature", 0.0), num_ctx=kwargs.get("num_ctx", 32000), - base_url=kwargs.get("base_url", "http://localhost:11434"), + base_url=base_url, ) elif provider == "azure_openai": if not kwargs.get("base_url", ""):