# Security Policy for Argo CD Image Updater

Version: **v1.0 (2022-03-25)**

## Supported Versions

We currently only support the most recent release. Please do not report issues
for older versions if they do not reproduce in the latest release.

## Reporting a Vulnerability

Please report issues with our container image directly on the GitHub tracker
if the issue has already been assigned a CVE.

If you find a security related bug in Argo CD Image Updater, we kindly ask you
for responsible disclosure and for giving us appropriate time to react, analyze
and develop a fix to mitigate the found security vulnerability.

We will do our best to react quickly on your inquiry, and to coordinate a fix
and disclosure with you. Sometimes, it might take a little longer for us to
react (e.g. out of office conditions), so please bear with us in these cases.

We will publish security advisories using the
[Git Hub Security Advisories](https://github.com/argoproj-labs/argocd-image-updater/security/advisories)
feature to keep our community well informed, and will credit you for your
findings (unless you prefer to stay anonymous, of course).

Please report vulnerabilities by e-mail to the following address:

* jann@mistrust.net