Kubernetes Security Release Process and Security Committee documentation.
To report a vulnerability, please refer to https://kubernetes.io/security.
The Security Response Committee (SRC) is responsible for triaging and handling the security issues for Kubernetes. Following are the current Security Response Committee members:
<cjcullen@google.com><cjingram@google.com><joelsmith@redhat.com> [4096R/0x1688ADC79BECDDAF]<mhausler@amazon.com><i@monis.app>rita.z.zhang@gmail.com<srajakum@amazon.com><tabitha.c.sable@gmail.com>There are a number of contact points for the SRC and release managers in charge of security releases. Please use the correct forum for the best and fastest response.
| List or Group | Visibility | Uses |
|---|---|---|
| security@kubernetes.io | Private | Kubernetes security disclosures. This list is closely monitored and triaged by the SRC. See the disclosure guide for full details. |
| kubernetes-security-discuss Google Group | Public | Discussion about security disclosure handling, this document, and other updates. |
| release-managers-private@kubernetes.io | Private | Release Managers private discussion. All members are subscribed to security@kubernetes.io. |
| security-discuss-private@kubernetes.io | Private | SRC private discussion. All members are subscribed to security@kubernetes.io |
Learn how to engage with the Kubernetes community on the community page.
Participation in the Kubernetes community is governed by the Kubernetes Code of Conduct.