This repository is continuously scanned by Mend (formerly WhiteSource). Mend automatically creates GitHub issues for any detected vulnerabilities.
For a complete list of changes, please refer to our CHANGELOG.md.
| Version | Status | Details | Release Date |
|---|---|---|---|
| 2.0.0 | ✅ Supported | Initial release with all security vulnerabilities resolved | 2024-03-26 |
| 1.x.x | ❌ Deprecated | Contains known vulnerabilities - upgrade to 2.0.0 | - |
To report a security issue, please email the maintainers listed in MAINTAINERS.md with:
- Subject line: "Security Vulnerability: s3-iam-cosi-driver"
- Description of the vulnerability
- Steps to reproduce the issue
- Affected versions
- Any known mitigations
- Any potential impacts
Our team will:
- Acknowledge receipt within 3 business days
- Provide an initial assessment within 10 business days
- Follow a 90-day disclosure timeline from the time the vulnerability is confirmed
Please do NOT report security vulnerabilities through public GitHub issues.
- Reporter submits vulnerability report
- Maintainers assess and confirm the issue
- Maintainers develop and test a fix
- A new release is prepared with the fix
- The fix is released and the vulnerability is publicly disclosed