Skip to content

Security: DoodleScheduling/keycloak-controller

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

When you should?

  • You think you discovered a potential security vulnerability.
  • You are unsure how a vulnerability affects this application.
  • You think you discovered a vulnerability in another project that this application depends on. For projects with their own vulnerability reporting and disclosure process, please report it directly there.

When you should not?

  • You need help tuning application components for security
  • You need help applying security-related updates.
  • Your issue is not security-related.

Please use the below process to report a vulnerability to the project:

  1. Email [email protected]
    • Emails should contain:
      • description of the problem
      • precise and detailed steps (include screenshots) that created the problem
      • the affected version(s)
      • any possible mitigations, if known
  2. You may be contacted by a project maintainer to further discuss the reported item. Please bear with us as we seek to understand the breadth and scope of the reported problem, recreate it, and confirm if there is a vulnerability present.

Supported Versions

Versions follow Semantic Versioning terminology and are expressed as x.y.z:

  • where x is the major version
  • y is the minor version
  • and z is the patch version

Security fixes, may be backported to the three most recent minor releases, depending on severity and feasibility. Patch releases are cut from those branches periodically, plus additional urgent releases, when required.

There aren’t any published security advisories