Skip to content

Security: amousset/rudder

Security

SECURITY.md

Security Policy

🔒 Security advisories

Our advisories are published on GitHub, all linked to the main rudder repository.

✉️ Reporting a vulnerability

You can report any security vulnerability affecting Rudder sources, packages, or infrastructure (repositories, websites, etc.) you have found by contacting the Rudder security team either:

If you have not received a reply to your report within 48 hours, you can ask for updates on our chat room. As it is a public channel, please don't discuss specific details there, simply say you are waiting for a response from the security team.

📆 Vulnerability disclosure

Security issues are treated in priority. Sepending on its severity, an issue may be fixed in the next planned patch release or trigger a quick dedicated patch release.

When the fixed version is published, we mention the presence of security fixes (without specifics) in the change log. We later publish a detailed advisory, after an embargo period which depends on the vulnerability severity (but never more than 3 months).

🏷️ Supported Versions

The list of currently supported versions, receiving security updates, is available in the documentation.

There aren’t any published security advisories