github.com/treeverse/lakefs@v1.24.1-0.20240520134607-95648127bfb0/SECURITY.md (about) 1 # Security Policy 2 3 ## Supported Versions 4 5 To receive latest security and regular updates, users should stay up to date on all 6 releases. Prior to the release of a 1.0.0 version only the latest released version 7 will receive all security updates. 8 9 Please contact us at https://lakefs.io/contact-us/ if you need security updates for 10 an earlier version. 11 12 | Version | Supported | 13 | ------- | ------------------ | 14 | latest | :white_check_mark: | 15 | < latest| :x: | 16 17 ## Staying Up to Date 18 19 We announce all releases on the [lakefs-releases][slack-lakefs-releases] channel of 20 our Slack workspace. There is also a mailing list for security announcements which 21 you can join: [security-announce@treeverse.io][security-mailing-list]. 22 23 ## Reporting a Vulnerability 24 25 We take the security of lakeFS seriously. You can help us by following responsible 26 disclosure guidelines. 27 28 If you believe you’ve discovered a serious vulnerability, please report it to us by 29 emailing security@treeverse.io. Please **do _NOT_** open an issue as GitHub issues 30 are publicly discoverable. We acknowledge reports within 24 hours. We will report 31 progress to the email used for reporting. 32 33 We will evaluate your report and if necessary issue a fix and an advisory. We would 34 like to credit you if the issue was unknown to us prior to your report; please tell 35 us if you would prefer that we do not. 36 37 We will work to release a fix within 90 days. In rare conditions we may request an 38 additional 14 days to release a fix. This is in line with disclosure policies such 39 as those of [Google Project Zero][project-zero-policy]. Hopefully we shall release 40 a fix well before then. 41 42 [project-zero-policy]: https://googleprojectzero.blogspot.com/2021/04/policy-and-disclosure-2021-edition.html 43 [slack-lakefs-releases]: https://lakefs.slack.com/archives/C017S6YFFSP 44 [security-mailing-list]: https://groups.google.com/g/lakefs-security-announce