
Security: Normation/rudder

SECURITY.md

Security Policy

🔒 Security advisories

Our advisories are published on GitHub, all linked to the main rudder repository.

✉️ Reporting a vulnerability

You can report any security vulnerability you have found affecting Rudder sources, packages, or infrastructure (repositories, websites, etc.) by contacting the Rudder security team either:

If you have not received a reply to your report within 48 hours, you can ask for updates on our chat room. As it is a public channel, please don't discuss specific details there; simply say you are waiting for a response from the security team.

📆 Vulnerability disclosure

Security issues are treated as a priority. Depending on its severity, an issue may be fixed in the next planned patch release or trigger a quick dedicated patch release.

When the fixed version is published, we mention the presence of security fixes (without specifics) in the change log. We later publish a detailed advisory, after an embargo period that depends on the vulnerability severity (but is never more than 3 months).

🏷️ Supported Versions

The list of currently supported versions, which receive security updates, is available in the documentation.
