Security: kanisterio/kanister

SECURITY.md

Security Policy

Reporting a Vulnerability

Currently known vulnerabilities are listed in the GitHub security advisories section for the repo. You can report a new vulnerability using the "Report a vulnerability" tool.

Alternatively, you can report it via the kanisterio Google group's "Contact owners and managers" button: https://groups.google.com/g/kanisterio/about

The maintainers will help diagnose the severity of the issue and determine how to address the issue. Issues deemed to be non-critical will be filed as GitHub issues. Critical issues will receive immediate attention and be fixed as quickly as possible. The maintainers will then coordinate a release date with you.

Security Advisories

When serious security problems in Kanister are discovered and corrected, the maintainers issue a security advisory describing the problem and containing a pointer to the fix. These will be announced on the Kanister mailing list and websites and be visible in the GitHub security advisories.

Security issues are fixed as soon as possible, and the fixes are propagated to the stable branches as fast as possible. However, when a vulnerability is found during a code audit, or when several other issues are likely to be spotted and fixed in the near future, the maintainers may delay the release of a Security Advisory, so that one unique, comprehensive Security Advisory covering several vulnerabilities can be issued. Communication with vendors and other distributions shipping the same code may also cause these delays.
