For details on all Community supported versions of CloudNativePG, please refer to the "Supported releases" section in the official documentation.

To make a report, send an email containing the details of the vulnerability to security@cloudnative-pg.io (an alias to a private mailing list in Google Groups containing just the maintainers of the project). Private disclosure of a potential vulnerability is important. The maintainers will reply acknowledging the report, and decide whether to keep it private or publicly disclose it.

CloudNativePG relies on the GitHub infrastructure to manage security advisories and manage vulnerabilities.