Showing 1 changed file with 40 additions and 0 deletions.
@@ -0,0 +1,40 @@ | ||
# Security Policy | ||
|
||
## Supported Versions | ||
|
||
The below list reflects the actual active maintained Apache Kafka versions. | ||
For the project Kafka KRaft on K8s, the versions below will be supported. | ||
|
||
| Version | Supported | | ||
| ------- | ------------------ | | ||
| 3.6.0 | :white_check_mark: | | ||
| 3.5.1 | :white_check_mark: | | ||
| 3.5.0 | :white_check_mark: | | ||
| 3.4.1 | :white_check_mark: | | ||
| < 3.4.0 | :x: | | ||
|
||
## Reporting a Vulnerability | ||
|
||
#### Title and Description: | ||
- Start with a descriptive title that summarizes the security vulnerability. In the issue description, provide a clear and detailed explanation of the vulnerability, including what it is, how it can be exploited, and the potential impact. | ||
|
||
#### Affected Versions: | ||
- Specify the versions or branches of the software or project that are affected by the vulnerability. This helps the maintainers identify the scope of the issue and determine if it has been addressed in newer releases. | ||
|
||
#### Reproduction Steps: | ||
- Include step-by-step instructions on how to reproduce the vulnerability. This allows the maintainers to verify the issue and understand the specific conditions under which it occurs. | ||
|
||
#### PoC (Proof of Concept) Code: | ||
- If possible, provide a minimal, standalone code snippet or a sample project that demonstrates the vulnerability. This helps the maintainers understand the technical details and aids in the debugging process. | ||
|
||
#### Potential Impact: | ||
- Describe the potential impact and consequences of the vulnerability. This can include unauthorized access, data leakage, privilege escalation, denial of service, or any other security risks associated with the vulnerability. | ||
|
||
#### Mitigation or Workaround: | ||
- If you have identified any potential mitigations or workarounds for the vulnerability, include them in your report. This can assist the maintainers in providing interim solutions to protect users while a permanent fix is developed. | ||
|
||
#### CVE (Common Vulnerabilities and Exposures): | ||
- If you have obtained a CVE identifier for the vulnerability, include it in the report. A CVE identifier is a unique identifier assigned to publicly known vulnerabilities and helps in tracking and referencing the issue. | ||
|
||
#### Contact Information: | ||
- Provide your contact information, such as your email address or any other preferred method of communication. This allows the maintainers to reach out to you for further clarification or updates on the vulnerability. |
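Review bot: the `## Reporting a Vulnerability` section never says where a report should be sent, and its first bullet ("In the issue description, provide a clear and detailed explanation ...") reads as directing reporters to open a public GitHub issue, which would publish the exploitation details and PoC code requested further down before any fix exists. State an explicit private channel (a security contact address or the repository's private vulnerability reporting / security advisory feature) and say that public issues must not be used for security reports. Separately, the version table leaves 3.4.0 itself unclassified: `| 3.4.1 | :white_check_mark: |` is followed by `| < 3.4.0 | :x: |`, so change the last row to `<= 3.4.0` or add an explicit 3.4.0 row. The sentence "For the project Kafka KRaft on K8s, the versions below will be supported" would also be clearer if it said whether these are the Apache Kafka versions the project deploys or the project's own release versions.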