We take security seriously and appreciate your help in identifying and responsibly disclosing vulnerabilities to protect our users.
To report a security issue:
- Do not open a public issue on the GitHub repository to disclose a vulnerability.
- Send an email to our security team at envoy-gateway-security@googlegroups.com.
- Include the following details in your email:
  - A detailed description of the vulnerability.
  - Steps to reproduce the issue.
  - Potential impact of the vulnerability.
  - Any suggested remediation or patches (if applicable).
We aim to respond to vulnerability reports within 48 hours and will work with you to validate and address the issue. Once a resolution is identified, we will coordinate a release timeline with you and provide credit if applicable (with your consent).
Security patches are announced through:
To stay up to date with the latest security updates, we recommend subscribing to these channels.
To minimize security risks when using Envoy Gateway:
- Use the latest supported version of Envoy Gateway.
- Regularly monitor for updates and apply patches promptly.
If you have any questions about this security policy, please contact us at envoy-gateway-security@googlegroups.com.
Thank you for helping us ensure the security of Envoy Gateway!