|
1 |
| -# Reporting security vulnerabilities |
2 |
| - |
3 |
| -Oracle values the independent security research community and believes that |
4 |
| -responsible disclosure of security vulnerabilities helps us ensure the security |
5 |
| -and privacy of all our users. |
6 |
| - |
7 |
| -Please do NOT raise a GitHub Issue to report a security vulnerability. If you |
8 |
| -believe you have found a security vulnerability, please submit a report to |
9 |
| -[[email protected]][1] preferably with a proof of concept. Please review |
10 |
| -some additional information on [how to report security vulnerabilities to Oracle][2]. |
11 |
| -We encourage people who contact Oracle Security to use email encryption using |
12 |
| -[our encryption key][3]. |
13 |
| - |
14 |
| -We ask that you do not use other channels or contact the project maintainers |
15 |
| -directly. |
16 |
| - |
17 |
| -Non-vulnerability related security issues including ideas for new or improved |
18 |
| -security features are welcome on GitHub Issues. |
19 |
| - |
20 |
| -## Security updates, alerts and bulletins |
21 |
| - |
22 |
| -Security updates will be released on a regular cadence. Many of our projects |
23 |
| -will typically release security fixes in conjunction with the |
24 |
| -[Oracle Critical Patch Update][3] program. Security updates are released on the |
25 |
| -Tuesday closest to the 17th day of January, April, July and October. A pre-release |
26 |
| -announcement will be published on the Thursday preceding each release. Additional |
27 |
| -information, including past advisories, is available on our [security alerts][4] |
28 |
| -page. |
29 |
| - |
30 |
| -## Security-related information |
31 |
| - |
32 |
| -We will provide security related information such as a threat model, considerations |
33 |
| -for secure use, or any known security issues in our documentation. Please note |
34 |
| -that labs and sample code are intended to demonstrate a concept and may not be |
35 |
| -sufficiently hardened for production use. |
36 |
| - |
37 |
| - |
38 |
| -[2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html |
39 |
| -[3]: https://www.oracle.com/security-alerts/encryptionkey.html |
40 |
| -[4]: https://www.oracle.com/security-alerts/ |
| 1 | +# Security Policy |
| 2 | + |
| 3 | +## Security Announcements |
| 4 | + |
| 5 | +Join the [kubernetes-security-announce] group for security and vulnerability announcements. |
| 6 | + |
| 7 | +You can also subscribe to an RSS feed of the above using [this link][kubernetes-security-announce-rss]. |
| 8 | + |
| 9 | +## Reporting a Vulnerability |
| 10 | + |
| 11 | +Instructions for reporting a vulnerability can be found on the |
| 12 | +[Kubernetes Security and Disclosure Information] page. |
| 13 | + |
| 14 | +## Supported Versions |
| 15 | + |
| 16 | +Information about supported Kubernetes versions can be found on the |
| 17 | +[Kubernetes version and version skew support policy] page on the Kubernetes website. |
| 18 | + |
| 19 | +[kubernetes-security-announce]: https://groups.google.com/forum/#!forum/kubernetes-security-announce |
| 20 | +[kubernetes-security-announce-rss]: https://groups.google.com/forum/feed/kubernetes-security-announce/msgs/rss_v2_0.xml?num=50 |
| 21 | +[Kubernetes version and version skew support policy]: https://kubernetes.io/docs/setup/release/version-skew-policy/#supported-versions |
| 22 | +[Kubernetes Security and Disclosure Information]: https://kubernetes.io/docs/reference/issues-security/security/#report-a-vulnerability |
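
Review bot: The new "Reporting a Vulnerability" section (new lines 9-12) only links out, and it drops the removed file's explicit instruction not to raise a GitHub Issue for a vulnerability and not to contact maintainers directly. Consider keeping one sentence to that effect in the file itself, so a reporter who never follows the link still sees it. Since the removed text routed reports to Oracle and the new text routes them to the Kubernetes disclosure page, please confirm in the commit message that the Kubernetes process actually covers this repository. Minor: "the above" on new line 7 is vague; name the group whose announcements the RSS feed carries.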