Please do not open a public issue for security problems. Instead:
- Preferred: open a private advisory via the repository's Security tab (GitHub Security Advisories).
- Alternative: email security@greptime.com with a reproduction and impact assessment.
We aim to acknowledge within 3 business days and keep you informed as we investigate. Coordinated disclosure timelines are negotiated case by case based on severity and fix readiness.
The latest 0.x release receives security fixes. Once 1.0 ships, the current and previous minor will receive fixes; older releases will not be patched.
This policy covers the @greptime/ingester package in this repository. Vulnerabilities in the GreptimeDB server itself should be reported through greptimedb.