github.com/kiali/kiali@v1.84.0/SECURITY.md (about)

# Security Policy
Kiali takes security seriously and encourages users to report security concerns.

If you run a security scan on Kiali software that automatically generates a list of potential vulnerabilities and would like to report this security scan report to the Kiali team, we ask that you first verify that your scan is correctly validating the latest release and that the list of results is valid, contains no duplicates, and the reported vulnerabilities truly affect Kiali. Security report investigation often takes priority over scheduled work and can be time consuming for the Kiali maintainers to research and validate. So, please verify that your submitted report accurately reflects the Kiali software being scanned, and that the reported security issue(s) actually affect Kiali or one of its dependencies.

For current security bulletins see https://kiali.io/news/security-bulletins

## Supported Versions
Kiali provides security updates for versions used in supported versions of the following products:

- Istio
- Red Hat OpenShift ServiceMesh

Please let us know in your report if you are reporting a Kiali security issue for a supported environment
outside of those listed above.

Upstream releases are frequent and include security fixes as soon as possible.

## Reporting a Vulnerability
Please send mail to kiali-security@googlegroups.com to report a security issue found in Kiali. We will update you
via e-mail when the issue has been evaluated.

Please do NOT reveal any potential security issue in a Kiali GitHub issue, or on other Kiali mailing lists.