Skip to main content
Version: 1.15

Security disclosure

The Kubewarden team greatly appreciates investigative work into security vulnerabilities carried out by well-intentioned, ethical security researchers. We follow the practice of responsible disclosure in order to best protect Kubewarden's user-base from the impact of security issues. On our side, this means:

  • We will respond to security incidents on priority.
  • We will release fixes for issues as soon as is practical, keeping in mind that not all risks are created equal.
  • We will always transparently let the community know about any incident that affects them.

If you have found a security vulnerability in Kubewarden, we kindly ask that you disclose it responsibly by emailing cncf-kubewarden-maintainers@lists.cncf.io . Please do not discuss potential vulnerabilities in public without validating with us first.

On receipt the security team will:

  • Review the report, verify the vulnerability and respond with confirmation and/or further information requests.
  • Once the reported security bug has been addressed we will notify the Researcher, who is then welcome to optionally disclose publicly.

Please, refer to the community repository to find more about the project Governance and Security Policy.