You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The devfiles team takes immediate action to address security-related issues involving devfile projects.
Note, that normally we try to fix issues found for the latest releases of our projects. Backport fixes will be made only for exceptional cases, if the team has identified the need to do so.
## Reporting process
When a security vulnerability is found is important to not accidentally broadcast to the world that the issue exists, as this makes it easier for people to exploit it. The preferred way of reporting security issues in Devfiles is listed below.
### Email team devfile
An email to <ahref="mailto:[email protected]">[email protected]</a> is the preferred mechanism for outside users to report security issues. A member of the devfile team will open the required issues and keep you up-to-date about the status of the issue.
### What to avoid
Do not open a public issue, send a pull request, or disclose any information about the suspected vulnerability publicly, **including in your own publicly visible git repository**.
