Security Policy
Supported Versions
The KitOps project community is committed to keeping our code secure. We actively patch our latest releases for security issues, so we encourage all users to upgrade as quickly as possible. Below are our supported versions:
| Version | Supported |
|---|---|
| latest | ✅ |
| nightly | ❌ |
| older versions | ❌ |
Reporting a Vulnerability
We're grateful to users who report vulnerabilities, and all reports are thoroughly reviewed and investigated.
When Should I Report a Vulnerability?
You should report if:
- You think you have discovered a potential security vulnerability
- You are uncertain about the security impact of an issue
How to Report a Vulnerability?
If you discover a potential security vulnerability, please report it using GitHub’s Security Advisories. This process will create a private advisory visible only to the maintainers for review.
To protect the community, do NOT create a public issue, pull request, or discussion.
Security Vulnerability Response
Our maintainers will review and respond to your report within 5 working days. Depending on the severity and complexity of the issue, resolution times may vary, but we will keep you informed throughout the process. The disclosure date will be agreed upon between the maintainers and the reporter.