Envoy handles travel rule compliance and PII data and as such, security is very important to us!
Because Envoy is open source, we welcome all security vulnerability reports and fixes in the forms of PRs. If a security vulnerability is reported or patched, we will immediately notify the TRISA community that a fix is available and deploy it across as many Envoy nodes as possible.
The following versions are currently being supported with security updates:
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 4.0 | ❌ |
To report a vulnerability, please submit a GitHub issue that details the nature of the vulnerability and how to patch the problem. Better yet, if you are able, please feel free to open a pull request with the fix!
Envoy is an open source project, but with an active community; generally speaking you can expect a response within a week of posting the issue or the PR.
Thank you so much for contributing to the security of Envoy!