Security
Security Policy
Reporting a Vulnerability
If you find a potential security vulnerability in bootc, please report it by following these steps:
1. Use the GitHub Security Tab
This repository is set up to allow vulnerability reports through GitHub's Security Advisories feature. To report a vulnerability:
- Navigate to the repository's main page.
- Select the Security tab.
- Select Advisories from the left-hand sidebar.
- Click on Report a vulnerability.
- Fill in the required details and submit the report.
Following this process will create a private advisory for our maintainers to review.
2. Do Not Open Public Pull Requests, Issues, or Discussions
Please do not open public issues, pull requests, or discussions about the vulnerability. This ensures that the vulnerability is not widely exploited before a fix is provided.