Currently the Syndesis community has bandwidth to support only the latest released version.

Please do not report security vulnerabilities through public GitHub issues.

Please report security issues by sending an e-mail to the Syndesis security team at security@syndesis.io. If possible, encrypt your message with our GPG key.

You should receive a response within 72 hours. If for some reason you do not, please follow up via email to ensure we received your original message.

Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:

• Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting,
• etc.) Full paths of source file(s) related to the manifestation of the issue
• The location of the affected source code (tag/branch/commit or direct URL)
• Any special configuration required to reproduce the issue Step-by-step
• instructions to reproduce the issue Proof-of-concept or exploit code (if
• possible) Impact of the issue, including how an attacker might exploit the
• issue

When the vulnerability is acknowledged please allow us some time to dertemine and produce an appropriate fix for it. If you're willing to we can collaborate on the fix together via GitHub Security Advisories, for this you will need to provide us with your GitHub username.