Security audit WG disclosure process #3982
The majority of the issues identified by the researchers in the ToB report have seemingly not been addressed at the time of the release. In the past day, the new issues were assigned public GitHub issues. The issues can be tracked under kubernetes/kubernetes#81146.
Some of the issues described in the report should be treated as security enhancements or feature suggestions, and it may be desirable to make them public and open GitHub issues for their discussion. However, there are some issues that should be considered security vulnerabilities that would normally not be disclosed prior to a fix release.
The report was disclosed privately and each item reviewed by the product security committee prior to release. All of the identified items were judged to be appropriate to fix via a public issue, for one or more of the following reasons: