We're extremely grateful for security researchers and users that report vulnerabilities to the CRI-O community. All reports are thoroughly investigated by a set of community volunteers.
To make a report, email your vulnerability to the private cncf-crio-security@lists.cncf.io list with the security details and the details expected for all CRI-O bug reports.
- You think you discovered a potential security vulnerability in CRI-O
- You are unsure how a vulnerability affects CRI-O
- You think you discovered a vulnerability in another project that CRI-O depends on (for projects with their own vulnerability reporting and disclosure process, please report it directly there)
- You need help tuning CRI-O components for security
- You need help applying security related updates
- Your issue is not security related