traefik/SECURITY.md
2021-08-31 18:54:06 +02:00

1.5 KiB

Security Policy

We strongly advise you to register your Traefik instances to Pilot to be notified of security advisories that apply to your Traefik version. You can also join our security mailing list to be aware of the latest announcements from our security team. You can subscribe sending a mail to security+subscribe@traefik.io or on the online viewer.

Reported vulnerabilities can be found on cve.mitre.org.

Supported Versions

  • We usually release 3/4 new versions (e.g. 1.1.0, 1.2.0, 1.3.0) per year.
  • Release Candidates are available before the release (e.g. 1.1.0-rc1, 1.1.0-rc2, 1.1.0-rc3, 1.1.0-rc4, before 1.1.0).
  • Bug-fixes (e.g. 1.1.1, 1.1.2, 1.2.1, 1.2.3) are released as needed (no additional features are delivered in those versions, bug-fixes only).

Each version is supported until the next one is released (e.g. 1.1.x will be supported until 1.2.0 is out).

We use Semantic Versioning.

Version Supported
2.2.x
< 2.2.x
1.7.x
< 1.7.x

Reporting a Vulnerability

We want to keep Traefik safe for everyone. If you've discovered a security vulnerability in Traefik, we appreciate your help in disclosing it to us in a responsible manner, using this form.