Skip to content

Security: Neues/ibm-products

Security

SECURITY.md

Security policy

Version support

Version Status Ongoing support
2.x Active
1.x Active

Version 2.x corresponds with Carbon v11 while 1.x corresponds with Carbon v10.

Support for these versions includes the discrete version numbers of individual packages as listed in the release changelogs.

Please note that the 1.x version is anticipated to reach maintenance phase near the end of 2023.

Reporting a vulnerability

Please do not report security vulnerabilities through public GitHub issues.

Instead, report a vulnerability through GitHub’s security advisory feature via new issues.

Please include a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigation steps for the issue. Our team aims to respond to all new vulnerability reports within 7 business days.

Additional information on reporting vulnerabilities to IBM is available at https://www.ibm.com/trust/security-psirt

Preferred languages

We prefer all communications to be in English.

Comments on this policy

If you have suggestions on how to improve this process, please submit a pull request, start a discussion, or open an issue.

There aren’t any published security advisories