The following file contains information about the security policy and procedures used in the Clouditor software.
We are currently moving towards a v2 version and have already released several pre-release versions of v2. Please note that development of v2 is subject to change. If you are looking for a more stable version, please select one of the supported v1 versions.
| Version | Supported |
|---|---|
| v1.10.1 | ✅ |
| v1.10.0 | ✅ |
| <= v1.9.5 | ❌ |
Should you encounter a vulnerability in the Clouditor software, please report it privately through GitHub using https://github.com/clouditor/clouditor/security/advisories/new.
We will then get in contact with you, assess the impact of the reported issue and try to fix it. After a fix is released, we will publish a Security Advisory (see below).
All fixed security issues will be accompanied by a security advisory. We aim to provide them in two formats:
- Using GitHub's internal database (https://github.com/clouditor/clouditor/security/advisories), in order to inform GitHub users as soon as possible
- In the Clouditor repo itself, in the folder csaf, using the CSAF standard. This also allows for more fine-grained reporting of a security issue, as well as its current status and possibly affected components.