<!-- Synced from kumahq/.github update lifecycle action (and remove this comment) to stop syncing -->
# Security

## Reporting Vulnerabilities

We use Github's Security advisories for reporting security vulnerabilities.

You can open a private report in the [advisories section](https://github.com/kumahq/kuma/security/advisories).

To learn more about this reporting checkout the [Github docs](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability).

## Public Disclosure

Security vulnerabilities will be disclosed via release notes, issues and Github advisories with severity score higher than [4.0](https://www.first.org/cvss/calculator/3.1) will have an advisory published.