We attach great importance to code security. We are very grateful to users, security vulnerability researchers, and others who report security vulnerabilities to the Krkn community. All reported security vulnerabilities will be carefully assessed and addressed in a timely manner.
Krkn leverages Snyk to ensure that any security vulnerabilities found in the code base and dependencies are fixed and published in the latest release. Security vulnerability checks are enabled for each pull request so that developers get insight into any findings and can fix them proactively.
The Krkn project treats security vulnerabilities seriously, so we strive to take action quickly when required.
The project requests that security issues be disclosed in a responsible manner to allow adequate time to respond. If a security issue or vulnerability has been found, please disclose the details to our dedicated email address:
You can also use the GitHub vulnerability report mechanism to report the security vulnerability.
Please include as much information as possible with the report. The following details assist with analysis efforts:
- Description of the vulnerability
- Affected component (version, commit, branch, etc.)
- Affected code (file path, line numbers)
- Exploit code
The security team currently consists of the Maintainers of Krkn.
The Krkn security team will investigate and provide a fix in a timely manner depending on the severity. The fix will be included in the new release of Krkn and details will be included in the release notes.