Please do not report security vulnerabilities in public GitHub issues, discussions, pull requests, or other public forums.
If you believe you have found a security issue in Volcano CLI, send a detailed
report to vulnerability@konghq.com. Include:
- a description of the issue and affected component
- steps required to reproduce the issue
- the potential impact
- any relevant proof-of-concept details, logs, or screenshots
Kong's responsible vulnerability disclosure policy is published at https://konghq.com/compliance/vuln-disclosure.
Security fixes are made against the actively maintained development branch and the latest published CLI release channel. Maintainers may backport fixes to older releases based on severity, exploitability, and user impact.