Security: kiali/kiali

Security Policy

Kiali takes security seriously and encourages users to report security concerns.

If you run a security scan on Kiali software that automatically generates a list of potential vulnerabilities and would like to report the results to the Kiali team, we ask that you first verify that your scan is correctly validating the latest release and that the list of results is valid, contains no duplicates, and includes only vulnerabilities that truly affect Kiali. Security report investigation often takes priority over scheduled work and can be time-consuming for the Kiali maintainers to research and validate. So, please verify that your submitted report accurately reflects the Kiali software being scanned, and that the reported security issue(s) actually affect Kiali or one of its dependencies.

For current security bulletins see https://kiali.io/news/security-bulletins

Supported Versions

Kiali provides security updates for versions used in supported versions of the following products:

  • Istio
  • Red Hat OpenShift ServiceMesh

Please let us know in your report if you are reporting a Kiali security issue for a supported environment outside of those listed above.

Upstream releases are frequent and include security fixes as soon as possible.

Reporting a Vulnerability

Please send mail to kiali-security@googlegroups.com to report a security issue found in Kiali. We will update you via e-mail when the issue has been evaluated.

Please do NOT reveal any potential security issue in a Kiali GitHub issue, or on other Kiali mailing lists.

There aren’t any published security advisories