26 lines
1.3 KiB
Markdown
26 lines
1.3 KiB
Markdown
# Security Policy
|
|
|
|
## Sponsoring the project
|
|
|
|
This project is maintained by a small team of four and therefore lacks the resource to provide security fixes in a very timely manner.
|
|
|
|
That said, even though we are very passionate about making Helmfile rock solid security wise, all issues are handled on the best effort basis.
|
|
|
|
If you have important business(es) that relies on this project, please consider sponsoring the maintainers, so that they can commit more on providing such service.
|
|
|
|
> *Note* that we don't currently have project-wide sponsorship enabled as we don't know how to share the amount of sponsorships with fairness.
|
|
> Please sponsor individuals instead! Thanks for your understanding.
|
|
|
|
## Supported Versions
|
|
|
|
| Version | Supported |
|
|
| ------- | ------------------ |
|
|
| 0.144.0 | :white_check_mark: |
|
|
| < 0.144.0| :x: |
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
To report a security issue, please email helmfile-security@googlegroups.com with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.
|
|
|
|
A maintainer will try to respond within 5 working days. If the issue is confirmed as a vulnerability, a Security Advisory will be opened. This project currently tries to follow a 90 day disclosure timeline.
|