| Version | Supported |
|---|---|
| Latest minor | ✓ |
| Older | ✗ |
Pre-1.0 releases get security fixes only in the latest minor.
Please report security vulnerabilities privately by emailing security@undermountain.cc. Do not open a public GitHub issue.
Include:
- A description of the vulnerability and its impact
- Steps to reproduce
- Affected versions of hermes-operator
- Affected Kubernetes versions (if relevant)
- Your suggested fix (optional)
We aim to:
- Acknowledge receipt within 3 business days
- Provide an initial assessment within 7 business days
- Coordinate a fix and public disclosure timeline with you
We follow responsible disclosure: once a fix is available, we publish a GitHub Security Advisory and credit reporters who wish to be credited.