traefik/SECURITY.md

# Security Policy

You can join our security mailing list to be aware of the latest announcements from our security team.
You can subscribe sending a mail to security+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/security).

Reported vulnerabilities can be found on [cve.mitre.org](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=traefik).

## Supported Versions

- We usually release 3/4 new versions (e.g. 1.1.0, 1.2.0, 1.3.0) per year.
- Release Candidates are available before the release (e.g. 1.1.0-rc1, 1.1.0-rc2, 1.1.0-rc3, 1.1.0-rc4, before 1.1.0).
- Bug-fixes (e.g. 1.1.1, 1.1.2, 1.2.1, 1.2.3) are released as needed (no additional features are delivered in those versions, bug-fixes only).

Each version is supported until the next one is released (e.g. 1.1.x will be supported until 1.2.0 is out).

We use [Semantic Versioning](https://semver.org/).

| Version   | Supported          |
|-----------|--------------------|
| `2.2.x`   | :white_check_mark: |
| `< 2.2.x` | :x:                |
| `1.7.x`   | :white_check_mark: |
| `< 1.7.x` | :x:                |

## Reporting a Vulnerability

We want to keep Traefik safe for everyone.
If you've discovered a security vulnerability in Traefik,
we appreciate your help in disclosing it to us in a responsible manner,
by creating a [security advisory](https://github.com/traefik/traefik/security/advisories).
doc: add security policies. 2020-07-29 10:42:03 +00:00			`# Security Policy`

Remove Pilot support 2022-09-14 08:56:08 +00:00			`You can join our security mailing list to be aware of the latest announcements from our security team.`
doc: add security policies. 2020-07-29 10:42:03 +00:00			`You can subscribe sending a mail to security+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/security).`

			`Reported vulnerabilities can be found on [cve.mitre.org](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=traefik).`

			`## Supported Versions`

			`- We usually release 3/4 new versions (e.g. 1.1.0, 1.2.0, 1.3.0) per year.`
			`- Release Candidates are available before the release (e.g. 1.1.0-rc1, 1.1.0-rc2, 1.1.0-rc3, 1.1.0-rc4, before 1.1.0).`
			`- Bug-fixes (e.g. 1.1.1, 1.1.2, 1.2.1, 1.2.3) are released as needed (no additional features are delivered in those versions, bug-fixes only).`

			`Each version is supported until the next one is released (e.g. 1.1.x will be supported until 1.2.0 is out).`

			`We use [Semantic Versioning](https://semver.org/).`

			`\| Version \| Supported \|`
Replace old security form by the GitHub report system 2023-07-27 14:50:06 +00:00			`\|-----------\|--------------------\|`
doc: add security policies. 2020-07-29 10:42:03 +00:00			\| `2.2.x` \| :white_check_mark: \|
			\| `< 2.2.x` \| :x: \|
			\| `1.7.x` \| :white_check_mark: \|
			\| `< 1.7.x` \| :x: \|

			`## Reporting a Vulnerability`

			`We want to keep Traefik safe for everyone.`
Replace old security form by the GitHub report system 2023-07-27 14:50:06 +00:00			`If you've discovered a security vulnerability in Traefik,`
			`we appreciate your help in disclosing it to us in a responsible manner,`
			`by creating a [security advisory](https://github.com/traefik/traefik/security/advisories).`