You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

SECURITY.md 1.6KB

Graylog Security Policy

Supported Versions

Graylog is addressing vulnerabilities in the product for the current and the previous releases (a release is anything that increases either the major or the minor version part, in a semver understanding) of the last twelve months.

For the current release (3.1) this means:

Version Supported
3.1.x :white_check_mark:
3.0.x :white_check_mark:
2.5.x :white_check_mark:
< 2.5.0 :x:

Reporting a Vulnerability

We are grateful for anyone reporting a vulnerability, helping us to make Graylog better and more secure. Additionally, we encourage everyone to disclose bugs in a responsible way, allowing us and other Graylog users to react accordingly in a timely manner. That means:

  • If you want to report a critical bug that could: allow someone to steal credentials, execute code or escalate privileges, please send a bug report to security@graylog.com before publishing it. This allows us to fix it, create a new version and allows other Graylog users to update before the information is out in the wild. After receiving the bug report, we will immediately get back to you to coordinate the required action.
  • If you want to report a non-critical bug, write to security@graylog.com or open an issue on github.
  • This is an open source project. If you discover a bug and fix it, you are very welcome to submit a PR. You will be rewarded with the everlasting gratitude of the Graylog team and the community!

Thanks and happy logging!