Skip to content

Latest commit

 

History

History
58 lines (42 loc) · 2.5 KB

reporting-security-issues.md

File metadata and controls

58 lines (42 loc) · 2.5 KB

WARNING WARNING WARNING WARNING WARNING

PLEASE NOTE: This document applies to the HEAD of the source tree

If you are using a released version of Kubernetes, you should refer to the docs that go with that version.

The latest release of this document can be found [here](http://releases.k8s.io/release-1.1/docs/reporting-security-issues.md).

Documentation for other releases can be found at releases.k8s.io.

Security

If you believe you have discovered a vulnerability or a have a security incident to report, please follow the steps below. This applies to Kubernetes releases v1.0 or later.

To watch for security and major API announcements, please join our kubernetes-announce group.

Reporting a security issue

To report an issue, please:

  • Submit a bug report here.
    • Select “I want to report a technical security bug in a Google product (SQLi, XSS, etc.).”
    • Select “Other” as the Application Type.
  • Under reproduction steps, please additionally include
    • the words "Kubernetes Security issue"
    • Description of the issue
    • Kubernetes release (e.g. output of kubectl version command, which includes server version.)
    • Environment setup (e.g. which "Getting Started Guide" you followed, if any; what node operating system used; what service or software creates your virtual machines, if any)

An online submission will have the fastest response; however, if you prefer email, please send mail to [email protected]. If you feel the need, please use the PGP public key to encrypt communications.

Analytics