We actively support security updates for the following versions:

| Version | Supported |
|---|---|
| main | ✅ |
| latest | ✅ |

If you discover a security vulnerability, please report it responsibly:
- Do not create a public GitHub issue
- Email the maintainers directly with details
- Include steps to reproduce if possible
- Allow reasonable time for response before disclosure

When deploying KaflowSQL:
- Never commit credentials to version control
- Use environment variables for sensitive data
- Regularly rotate access keys and secrets
- Enable S3 checkpointing encryption
- Use TLS for Kafka connections in production
- Restrict network access to required ports
- Use VPC/private networks when possible
- Run containers as non-root user
- Keep base images updated
- Scan images for vulnerabilities
- Use minimal base images
- Enable audit logging
- Monitor for unusual activity
- Set up alerts for failures
- Conduct regular security reviews
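As an added example (not KaflowSQL's own code or configuration), the following Python sketch turns two of the checklist items above into enforceable checks: it builds Kafka client settings only from environment variables and refuses a non-TLS `security.protocol` when the deployment is marked production, and it scans a configuration file for credentials written inline instead of referenced from the environment. The environment variable names, the `KAFLOW_ENV` switch and the sample configuration text are assumptions constructed for this example.

```python
import re

PRODUCTION_ENV = "production"
# Standard Kafka client security.protocol values that encrypt the connection.
TLS_PROTOCOLS = {"SSL", "SASL_SSL"}


class ConfigError(ValueError):
    """Raised when the deployment configuration would weaken security."""


def kafka_settings_from_env(env):
    """Build Kafka connection settings from an environment mapping, failing closed.

    The variable names (KAFLOW_ENV, KAFKA_BOOTSTRAP_SERVERS, KAFKA_SECURITY_PROTOCOL,
    KAFKA_SASL_USERNAME, KAFKA_SASL_PASSWORD) are hypothetical names chosen for this
    example; they are not KaflowSQL's configuration keys.
    """
    # Unknown deployment environment is treated as production (strictest rules).
    deploy_env = env.get("KAFLOW_ENV", PRODUCTION_ENV).lower()
    bootstrap = env.get("KAFKA_BOOTSTRAP_SERVERS")
    if not bootstrap:
        raise ConfigError("KAFKA_BOOTSTRAP_SERVERS is not set")

    protocol = env.get("KAFKA_SECURITY_PROTOCOL", "PLAINTEXT").upper()
    if deploy_env == PRODUCTION_ENV and protocol not in TLS_PROTOCOLS:
        raise ConfigError(
            f"production requires TLS (SSL or SASL_SSL), got {protocol}"
        )

    settings = {"bootstrap.servers": bootstrap, "security.protocol": protocol}
    if protocol.startswith("SASL"):
        user = env.get("KAFKA_SASL_USERNAME")
        password = env.get("KAFKA_SASL_PASSWORD")
        if not user or not password:
            raise ConfigError("SASL credentials must be supplied via the environment")
        settings["sasl.username"] = user
        settings["sasl.password"] = password
    return settings


def redact(settings):
    """Return a copy safe for logging: any password-like key is masked."""
    return {k: ("***" if "password" in k else v) for k, v in settings.items()}


# key=value or key: value where the key names a credential; group 2 is the value.
SECRET_KEY_RE = re.compile(
    r"(?i)\b(password|passwd|secret|token|api[_-]?key|access[_-]?key)\b"
    r"\s*[:=]\s*['\"]?([^'\"\s]+)"
)


def find_hardcoded_secrets(text):
    """Return (line number, key) for credential keys whose value is literal.

    Values that reference the environment (${VAR}, $VAR, %(var)) or are obvious
    placeholders (<...>, changeme) are accepted; anything else is flagged so a
    pre-commit hook or CI step can block the commit.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = SECRET_KEY_RE.search(line)
        if not match:
            continue
        value = match.group(2)
        if value.startswith(("${", "$", "<", "%(")) or value.lower() in {
            "changeme", "none", "null"
        }:
            continue
        findings.append((lineno, match.group(1)))
    return findings


# Constructed sample config file for the scanner; not a KaflowSQL file.
SAMPLE_CONFIG = """\
# constructed sample, not a KaflowSQL file
bootstrap.servers=kafka:9093
security.protocol=SASL_SSL
sasl.username=${KAFKA_SASL_USERNAME}
sasl.password=${KAFKA_SASL_PASSWORD}
s3.access_key=CONSTRUCTED-NOT-A-REAL-KEY
"""

if __name__ == "__main__":
    demo_env = {
        "KAFLOW_ENV": "production",
        "KAFKA_BOOTSTRAP_SERVERS": "kafka:9093",
        "KAFKA_SECURITY_PROTOCOL": "SASL_SSL",
        "KAFKA_SASL_USERNAME": "svc-kaflow",
        "KAFKA_SASL_PASSWORD": "constructed-example-password",
    }
    print(redact(kafka_settings_from_env(demo_env)))
    print(find_hardcoded_secrets(SAMPLE_CONFIG))
```

The validator defaults to production rules when `KAFLOW_ENV` is absent, so a missing variable cannot silently downgrade a deployment to plaintext; the scanner is deliberately simple and will miss secrets split across lines or stored under unusual key names, so treat it as a first line of defence alongside a dedicated secret scanner.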

After a report is received:

- Acknowledgment: We will acknowledge receipt within 48 hours
- Assessment: Initial assessment within 5 business days
- Response: Coordinated disclosure timeline based on severity
- Resolution: Security patches and advisory publication

Thank you for helping keep KaflowSQL secure!