Please do not open a public GitHub issue for security vulnerabilities.
Email: security@cloudsmith.cloud
We will acknowledge receipt within 2 business days and provide a remediation timeline within 7 business days.
We follow coordinated disclosure: we will notify you before any public announcement and credit you in the release notes unless you prefer to remain anonymous.
| Version | Supported |
|---|---|
| Latest | ✅ |
- Remote code execution
- Authentication / authorization bypass
- Privilege escalation
- Data leakage / exposure of secrets
- Denial of service (persistent only)