Identified vulnerabilities should be reported to security@astronomer.io.

When reporting a vulnerability, we request that you do not publicly disclose any information regarding the vulnerability until we've had the opportunity to analyze the vulnerability, to respond to the notification, and to notify key customers and partners, as appropriate.

While we greatly appreciate community reports regarding security issues, Astronomer does not provide compensation for vulnerability reports at this time.

Details on which versions are still in maintenance can be found in the AC Support Policy documentation.