We take the security of Pangolin and the wider Kubernetes ecosystem seriously. Please use the channels below to report vulnerabilities responsibly.
The project provides security updates for the latest released version and the prior minor release (N-1). Patch releases are issued as needed.

| Version | Supported |
|---|---|
| Latest release | ✅ |
| N-1 release | ✅ |
| Older | ❌ |

Please report security vulnerabilities via the GitHub Security Advisories portal. Reports are routed privately to the maintainers.
We commit to acknowledging new reports within two business days and to providing a status update within five business days. Once a fix is ready, we will coordinate disclosure with the reporter and publish a security advisory in this repository.
If you require encrypted communication, please request it when you open the private advisory and a maintainer will provide further instructions.