Thank you for your interest in the security of the deployKF project. We value the contributions of our community and are committed to ensuring the safety and integrity of our software. To that end, we have established the following security disclosure policy to streamline the process of reporting and addressing security vulnerabilities.
If you believe you have discovered a security vulnerability in the deployKF project, please do NOT disclose the issue publicly through the GitHub issues system, instead, please use one of the following options:
Use the "Security Advisories" page within the deployKF/deployKF GitHub repository to report the vulnerability.
Send an email with the relevant details to our security team at security-disclosures@deploykf.org.
In your email, please include the following information:
- A description of the vulnerability.
- The potential impact of the vulnerability.
- Any known steps to reproduce the vulnerability.
- Your contact information, in case we need further clarification.
We will aim to acknowledge receipt of your email within 48 hours and will work with you to assess the vulnerability and coordinate the appropriate response.
Once a security issue has been evaluated and a fix has been implemented, we will publicly disclose the vulnerability on the "Security Advisories" page within the deployKF GitHub repository. This disclosure will include a summary of the issue, affected versions, and instructions for applying the necessary patches or workarounds.
We kindly request that you give us reasonable time to address any security vulnerabilities before publicly disclosing them. This ensures that we can properly assess, address, and disclose the issue in a manner that best protects our users.
Thank you for helping to keep deployKF secure. Your responsible disclosure of security vulnerabilities helps us maintain the safety and integrity of our project and its users.