Security is important for us. Security vulnerabilities or suspected security vulnerabilities should be reported to Strimzi maintainers privately, to minimize attacks against current users of Strimzi before they are fixed. Reported vulnerabilities will be investigated and patched on the next patch (or minor) release as soon as possible.

IMPORTANT: Please do not file public issues on GitHub for security vulnerabilities

To report a vulnerability or a security-related issue, please email the private mailing list cncf-strimzi-maintainers@lists.cncf.io with the details of the vulnerability. Do not report non-security-impacting issues through this channel. Use GitHub issues instead.