Skip to content

Security: carbon-design-system/carbon

Security Navigation

SECURITY.md

Security Policy

Supported Versions

Version Supported
11.x
10.x
< 9.0

These supported versions include the different discrete version numbers of individual packages as listed in the release changelogs.

Please review the release schedule for full details on what release phase versions are in and the level of support provided for each.

Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues.

Instead, report a vulnerability through GitHub's security advisory feature at https://github.com/carbon-design-system/carbon/security/advisories/new

Please include a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. Our team aims to respond to all new vulnerability reports within 7 business days.

Additional information on reporting vulnerabilities to IBM is available at https://www.ibm.com/trust/security-psirt

Preferred languages

We prefer all communications to be in English.

Comments on this policy

If you have suggestions on how this process could be improved please submit a pull request or file an issue to discuss.