Skip to content
/ kube-rs Public
forked from kube-rs/kube

Latest commit

 

History

History
25 lines (15 loc) · 1.61 KB

SECURITY.md

File metadata and controls

25 lines (15 loc) · 1.61 KB

Security Policy

Supported Versions

We provide security updates for the two most recent minor versions released on crates.io.

For example, if 0.70.1 is the most recent stable version, we will address security updates for 0.69 and later. Once 0.71.1 is released, we will no longer provide updates for 0.69 releases.

Reporting a Vulnerability

To report a security problem in Kube-rs, please contact at least two maintainers

These people will help diagnose the severity of the issue and determine how to address the issue. Issues deemed to be non-critical will be filed as GitHub issues. Critical issues will receive immediate attention and be fixed as quickly as possible.

Security Advisories

When serious security problems in Kube-rs are discovered and corrected, we issue a security advisory, describing the problem and containing a pointer to the fix.

These are announced the RustSec Advisory Database, to our github issues under the label critical, as well as discord and other primary communication channels.

Security issues are fixed as soon as possible, and the fixes are propagated to the stable branches as fast as possible. However, when a vulnerability is found during a code audit, or when several other issues are likely to be spotted and fixed in the near future, the security team may delay the release of a Security Advisory, so that one unique, comprehensive Security Advisory covering several vulnerabilities can be issued. Communication with vendors and other distributions shipping the same code may also cause these delays.