This project is maintained by a small team of four and therefore lacks the resource to provide security fixes in a very timely manner.

That said, even though we are very passionate about making Helmfile rock solid security wise, all issues are handled on the best effort basis.

If you have important business(es) that relies on this project, please consider sponsoring the maintainers, so that they can commit more on providing such service.

Note that we don't currently have project-wide sponsorship enabled as we don't know how to share the amount of sponsorships with fairness. Please sponsor individuals instead! Thanks for your understanding.

To report a security issue, please email helmfile-security@googlegroups.com with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.

A maintainer will try to respond within 5 working days. If the issue is confirmed as a vulnerability, a Security Advisory will be opened. This project currently tries to follow a 90 day disclosure timeline.