You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We take security seriously and appreciate your help in identifying and responsibly disclosing vulnerabilities to protect our users.
To report a security issue:
1.**Do not open a public issue** on the GitHub repository to disclose a vulnerability.
2. Send an email to our security team at [envoy-gateway-security@googlegroups.com](mailto:envoy-gateway-security@googlegroups.com).
3. Include the following details in your email:
- A detailed description of the vulnerability.
- Steps to reproduce the issue.
- Potential impact of the vulnerability.
- Any suggested remediation or patches (if applicable).
We aim to respond to vulnerability reports within **48 hours** and will work with you to validate and address the issue.
Once a resolution is identified, we will coordinate a release timeline with you and provide credit if applicable (with your consent).
## Security Updates
Security patches are announced through:
- The [GitHub Releases page](https://github.com/envoyproxy/gateway/releases)
To stay up-to-date with the latest security updates, we recommend subscribing to these channels.
## Best Practices for Secure Usage
To minimize security risks when using Envoy Gateway:
- Use the latest supported version of Envoy Gateway.
- Regularly monitor for updates and apply patches promptly.
## Contact
If you have any questions about this security policy, please contact us at [envoy-gateway-security@googlegroups.com](mailto:envoy-gateway-security@googlegroups.com).
Thank you for helping us ensure the security of Envoy Gateway!
