SECURITY.md

At Kong, we take security issues very seriously. If you believe you have found a security vulnerability in our project, we encourage you to disclose it responsibly. Please report any potential security vulnerabilities to us by sending an email tovulnerability@konghq.com.

1. Do not publicly disclose the vulnerability: Please do not create a GitHub issue or post the vulnerability on public forums. Instead, contact us directly atvulnerability@konghq.com.
2. Provide detailed information: When reporting a vulnerability, please include as much information as possible to help us understand and reproduce the issue. This may include:
   • Description of the vulnerability
   • Steps to reproduce the issue
   • Potential impact
   • Any relevant logs or screenshots

• Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours.
• Investigation: Our security team will investigate the report and will keep you informed of the progress. We aim to resolve critical vulnerabilities within 30 days of confirmation.
• Disclosure: We prefer coordinated disclosure and will work with you to schedule the disclosure of the vulnerability in a way that minimizes the risk to users.

We encourage security researchers to participate in our bug bounty program as outlined on theKong Vulnerability Disclosure page. This program provides rewards for discovering and reporting security vulnerabilities in accordance with our disclosure guidelines.

Thank you for helping to keep Kong secure.

For more information on our security policies and guidelines, please visit theKong Vulnerability Disclosure page.

For any questions or further assistance, please contact us atvulnerability@konghq.com.

There aren’t any published security advisories