At ZITADEL we are extremely grateful for security aware people that disclose vulnerabilities to us and the open source community. All reports will be investigated by our team.
After the initial Release the following version support will apply
| Version | Supported |
|---|---|
| 0.x.x | ✅ |
| 1.x.x | ✅ |
| 2.x.x | ✅ |
To file a incident, please disclose by email to security@zitadel.com with the security details.
At the moment GPG encryption is no yet supported, however you may sign your message at will.
- You think you discovered a ...
- ... potential security vulnerability in the SDK
- ... vulnerability in another project that this SDK bases on
- For projects with their own vulnerability reporting and disclosure process, please report it directly there
- You need help applying security related updates
- Your issue is not security related
TBD
All accepted and mitigated vulnerability's will be published on the Github Security Page
We think it is crucial to publish advisories ASAP as mitigation's are ready. But due to the unknown nature of the disclosures the time frame can range from 7 to 90 days.