Security is important for us. Security vulnerabilities or suspected security vulnerabilities should be reported to the project's maintainers privately, to minimize attacks against current users of Kroxylicious before they are fixed.

Reported vulnerabilities will be investigated and patched as part of the next patch (or minor) release or as soon as practical depending on severity.

IMPORTANT: Please do not file public issues on GitHub for security vulnerabilities

To report a vulnerability or a security-related issue, please email the private mailing list kroxylicious-admins at redhat dot com with the details of the vulnerability.

Do not report non-security-impacting issues through this channel. Use GitHub issues instead.