F5 and NGINX take the security of our projects seriously. If you believe you have found a security vulnerability in any open source NGINX project, please report it to us as described below.

We advise users to run or update to the most recent release of this project. Older versions of this project may not have all enhancements and/or bug fixes applied to them.

The F5 Security Incident Response Team (F5 SIRT) has an email alias that makes it easy to report potential security vulnerabilities.

If you’re an F5 customer with an active support contract, please contact F5 Technical Support. If you aren’t an F5 customer, please report any potential or current instances of security vulnerabilities with any F5 product to the F5 Security Incident Response Team at F5SIRT@f5.com

For more information visit, https://www.f5.com/services/support/report-a-vulnerability