github.com/olli-ai/jx/v2@v2.0.400-0.20210921045218-14731b4dd448/SECURITY.md (about) 1 # Security Policy 2 3 The Jenkins X project takes security seriously. We make every possible effort to ensure users can adequately secure their automation infrastructure. To that end, we work with Jenkins X platform and app developers, as well as security researchers, to fix security vulnerabilities in Jenkins X in a timely manner, and to improve the security of Jenkins X in general. 4 5 ## Supported Versions 6 7 | Version | Supported | 8 | ------- | ------------------ | 9 | 2.0.x | :white_check_mark: | 10 11 12 ## Reporting a Vulnerability 13 14 If you find a vulnerability in Jenkins X, please report it in the Jenkins CI issue tracker under the [SECURITY](https://issues.jenkins-ci.org/browse/SECURITY) project. **Please do not report security issues in the github tracker.** 15 This project is configured in such a way that only the reporter and the security team can see the details. By restricting access to this potentially sensitive information, we can work on a fix and deliver it before the method of attack becomes well-known. 16 17 If you are unable to report using the above issue tracker, you can also send your report to the private Jenkins Security Team mailing list: jenkinsci-cert@googlegroups.com 18 19 ## Vulnerabilities in Apps 20 21 Whilst the Jenkins X team is not responsible for the quality of third party apps, please still use the above reporting mechanism and we will co-ordinate with the app developer to ensure a fix in a secure maner.