If you discover a security vulnerability in Setu, please report it responsibly.
Do not open a public GitHub issue for security vulnerabilities.
Instead, please report vulnerabilities via:
- GitHub Security Advisories: Go to the Security tab and create a private advisory.
- Email: Contact the maintainers directly via the GitHub profile.
When reporting a vulnerability, please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

Response timeline:
- Acknowledgment: Within 48 hours
- Assessment: Within 1 week
- Fix: Depends on severity, targeting critical fixes within 2 weeks
This security policy covers the Setu controller codebase, Helm charts, and deployment manifests. It does not cover Kueue, Karpenter, or Kubernetes itself.
| Version | Supported |
|---|---|
| latest | Yes |
| < 0.1.0 | No |