See our documentation on release versioning.
All production deployments are encouraged to deploy weekly and keep in regular communication with the development team.
To report a vulnerability, please email [email protected]
Please include the docker image tag for the version in which you have found the vulnerability, or a link to code on GitHub if that is more appropriate.
If you fix a vulnerability, you can qualify for the Patch Rewards Program and receive a reward for your vulnerability fix.
The US Cybersecurity & Infrastructure Security Agency (CISA) recommends the inclusion of a Software Bill of Materials (SBOM). We create the SBOM file with each release. It can be found on the releases page.
For more information on the SBOM visit the US National Telecommunications and Information Administration website