mirror of
https://github.com/zitadel/zitadel
synced 2024-11-22 18:44:40 +00:00
b2d708cb40
* Create SECURITY.md * Update README.md
1.5 KiB
1.5 KiB
Security Policy
At CAOS we are extremely grateful for security aware people that disclose vulnerabilities to us and the open source community. All reports will be investigated by our team.
Supported Versions
After the initial Release the following version support will apply
Version | Supported |
---|---|
1.x.x | ✅ (not yet available) |
0.x.x | ❌ |
Reporting a vulnerability
To file a incident, please disclose by email to security@caos.ch with the security details.
At the moment GPG encryption is no yet supported, however you may sign your message at will.
When should I report a vulnerability
- You think you discovered a ...
- ... potential security vulnerability in zitadel
- ... vulnerability in another project that zitadel bases on
- For projects with their own vulnerability reporting and disclosure process, please report it directly there
When should I NOT report a vulnerability
- You need help applying security related updates
- Your issue is not security related
Security Vulnerability Response
TBD
Public Disclosure
All accepted and mitigated vulnerabilitys will be published on the Github Security Page
Timing
We think it is crucial to publish advisories ASAP
as mitigations are ready. But due to the unknown nature of the discloures the time frame can range from 7 to 90 days.