| Version | Supported |
|---|---|
| 0.x | ✅ |

If you discover a security vulnerability, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.

Please use GitHub Security Advisories:

- Go to Report a vulnerability
- Provide a clear description of the issue
- Include steps to reproduce if possible

What to include in your report:

- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

Response timeline:

- Acknowledgment: Within 48 hours
- Initial assessment: Within 7 days
- Fix or mitigation: Best effort within 30 days, depending on severity

We follow coordinated disclosure. Please allow reasonable time to address the issue before making it public.

Out of scope:

- Vulnerabilities in Zuul CI itself (report to Zuul's security process)
- Denial of service via large API responses (expected behavior with remote APIs)