The Pivotal Application Security Team provides a single point of contact for the reporting of security vulnerabilities in Pivotal products and coordinates the process of investigating any reported vulnerabilities.

If you would like to subscribe to security disclosures impacting Pivotal products and dependencies, the RSS feed for all vulnerability reports is available here. This feed can be filtered to just Pivotal product vulnerabilities here or just notable vulnerabilities in dependences here.

We strongly encourage people to report security vulnerabilities privately to our security team before disclosing them in a public forum.

The e-mail address to use to contact the Pivotal Application Security Team is security@pivotal.io.

Please note that the e-mail address above should only be used for reporting undisclosed security vulnerabilities in Pivotal products and managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other security related queries at this address.

If you wish to send encrypted email, our public key can be obtained from a public key server such as keys.openpgp.org. The fingerprint is: AA8F D966 7001 70B7 087E B407 04A1 595B 8F19 137B