Security Policy

Kiali takes security seriously and encourages users to report security concerns.

If you run a security scan on Kiali software and would like to report a security scan report to the Kiali team, we only ask that you first verify that your scan is correctly validating the latest release and that the results are valid. Security report investigation often takes priority over scheduled work and can be time consuming for the Kiali maintainers to research and validate. So, please verify that your submitted report accurately reflects the Kiali software being scanned, and that the reported security issue(s) actually affect Kiali or one of its dependencies.

For current security bulletins see https://kiali.io/news/security-bulletins

Supported Versions

Kiali provides security updates for versions used in supported versions of the following products:

• Istio
• Red Hat OpenShift ServiceMesh

Please let us know in your report if you are reporting a Kiali security issue for a supported environment outside of those listed above.

Upstream releases are frequent and include security fixes as soon as possible.

Reporting a Vulnerability

Please send mail to kiali-security@googlegroups.com to report a security issue found in Kiali. We will update you via e-mail when the issue has been evaluated.

Please do NOT reveal any potential security issue in a Kiali github issue, or on other Kiali mailing lists.