Please do not open issues or pull requests if you believe you have discovered a vulnerability in the tooling contained in this repository.
Please instead report the vulnerability here https://github.com/envoyproxy/toolshed/security/advisories and we will consider the validity and impact.
In the event that we believe a tooling vulnerability might have an impact on the Envoy proxy build process we will escalate the issue to the Envoy security team (envoy-security@googlegroups.com), and in this case the vulnerability will be handled according to Envoy's security process as set out here https://github.com/envoyproxy/envoy/blob/main/SECURITY.md.