We take security seriously. If you discover a vulnerability, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, email us at:
Please include the following in your report:
- A description of the vulnerability
- Steps to reproduce the issue
- The potential impact
- Any suggested fixes (if applicable)
| Step | Timeline |
|---|---|
| Acknowledgment | Within 48 hours of your report |
| Fix timeline | Communicated within 7 days of acknowledgment |
| Resolution | As quickly as possible, depending on severity |
We will work with you to understand the issue and coordinate disclosure.
This policy applies to:
- The Veritas Kanban application (all components)
- Direct dependencies used by the application
- The official deployment infrastructure
The following are out of scope:
- Third-party services or applications that integrate with Veritas Kanban
- Vulnerabilities in dependencies that have already been publicly disclosed with upstream fixes available
- Social engineering attacks
| Version | Supported |
|---|---|
| Latest release | ✅ |
| Previous releases |
We value the security research community. With your permission, we will acknowledge your contribution in our release notes when a vulnerability is fixed.
Thank you for helping keep Veritas Kanban and its users safe.