We understand that community members may identify potential security vulnerabilities. Identified vulnerabilities should be reported to security@astronomer.io. When reporting a vulnerability, we request that you do not publicly disclose any information regarding the vulnerability until we've had the opportunity to analyze the vulnerability, to respond to the notification, and to notify key customers and partners, as appropriate.
While we greatly appreciate community reports regarding security issues, Astronomer does not provide compensation for vulnerability reports at this time.