Please do not report security vulnerabilities through public GitHub issues.
If you discover a security vulnerability, please report it by emailing soc@bedag.ch.

Please include the following information in your report:
- Description of the vulnerability
- Steps to reproduce the issue
- Affected versions
- Potential impact
- Any suggested fixes (if available)

We will acknowledge your report within 3 business days and provide a detailed response within 7 business days indicating the next steps in handling your report.
We will keep you informed of the progress towards a fix and may ask for additional information or guidance.

Security updates will be released as soon as possible after a fix is available. We recommend keeping your installation up to date with the latest releases.

When using StorageGrid Operator, we recommend:
- Keep the operator updated to the latest version
- Follow the principle of least privilege
- Use RBAC to restrict the permissions granted to the operator's service account
- Review and audit your StorageGrid credentials and Kubernetes secrets regularly

Thank you for helping to keep StorageGrid Operator and our users safe!