Security is important to us. Security vulnerabilities or suspected security vulnerabilities should be reported to Apicurio Registry maintainers privately, to minimize attacks against current users before the vulnerabilities are fixed. Reported vulnerabilities will be investigated and patched in the next patch (or minor) release as soon as possible.
IMPORTANT: Please do not file public issues on GitHub for security vulnerabilities.
To report a vulnerability or a security-related issue, please email apicurio.registry@redhat.com with the details of the vulnerability. Do not report non-security-impacting issues through this channel. Use GitHub issues instead.
Depending on the severity of the CVE or other vulnerability, the project provides the fix either as a patch release of the current minor release or in the next minor release.
Published security advisories are available on the GitHub Security Advisories page.