30 lines
1.5 KiB
Markdown
30 lines
1.5 KiB
Markdown
|
# Security Policy
|
||
|
|
|
||
|
|
We strongly advise you to register your Traefik instances to [Pilot](http://pilot.traefik.io) to be notified of security advisories that apply to your Traefik version.
|
||
|
|
You can also join our security mailing list to be aware of the latest announcements from our security team.
|
||
|
|
You can subscribe sending a mail to security+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/security).
|
||
|
|
|
||
|
|
Reported vulnerabilities can be found on [cve.mitre.org](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=traefik).
|
||
|
|
|
||
|
|
## Supported Versions
|
||
|
|
|
||
|
|
- We usually release 3/4 new versions (e.g. 1.1.0, 1.2.0, 1.3.0) per year.
|
||
|
|
- Release Candidates are available before the release (e.g. 1.1.0-rc1, 1.1.0-rc2, 1.1.0-rc3, 1.1.0-rc4, before 1.1.0).
|
||
|
|
- Bug-fixes (e.g. 1.1.1, 1.1.2, 1.2.1, 1.2.3) are released as needed (no additional features are delivered in those versions, bug-fixes only).
|
||
|
|
|
||
|
|
Each version is supported until the next one is released (e.g. 1.1.x will be supported until 1.2.0 is out).
|
||
|
|
|
||
|
|
We use [Semantic Versioning](https://semver.org/).
|
||
|
|
|
||
|
|
| Version | Supported |
|
||
|
|
| --------- | ------------------ |
|
||
|
|
| `2.2.x` | :white_check_mark: |
|
||
|
|
| `< 2.2.x` | :x: |
|
||
|
|
| `1.7.x` | :white_check_mark: |
|
||
|
|
| `< 1.7.x` | :x: |
|
||
|
|
|
||
|
|
## Reporting a Vulnerability
|
||
|
|
|
||
|
|
We want to keep Traefik safe for everyone.
|
||
|
|
If you've discovered a security vulnerability in Traefik, we appreciate your help in disclosing it to us in a responsible manner, using [this form](https://security.traefik.io).
|