We actively support the latest version of this project.
| Version | Supported |
|---|---|
| latest | ✅ Yes |
| older | ❌ No |
If you are using an older version, we recommend upgrading to the latest release to receive security updates.
If you discover a security vulnerability, please report it responsibly.
Do not open a public GitHub issue.
Instead, report it privately using one of the following methods:
- Email: tobiokedeji@gmail.com
- Or: Open a private GitHub security advisory (preferred)
To create a private advisory:
- Go to the "Security" tab of this repository
- Click "Report a vulnerability"
- Fill in the details
Please include as much of the following as possible:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if you have one)
We aim to:
- Acknowledge receipt within 48 hours
- Provide an initial assessment within 5 days
- Work on a fix and release a patch as soon as possible
We follow responsible disclosure.
Once the issue is fixed, we may:
- Publish a security advisory
- Credit the reporter (if desired)
This policy applies to:
- Core codebase
- APIs and interfaces
- Deployment configurations
Out of scope:
- Issues in third-party dependencies (should be reported upstream)
If you're deploying this project:
- Keep dependencies up to date
- Restrict access to your cluster and infrastructure
- Follow Kubernetes security best practices
- Do not expose internal services publicly without proper authentication
For any security-related concerns, please contact: