We provide security updates for the following versions of Kestra:
- The
latestrelease - Up to two previous minor versions released as a backport upon customer request.
If you are using an unsupported version, we recommend upgrading to the latest version to receive security fixes.
If you discover a security vulnerability in Kestra, please report it to us privately to ensure a responsible disclosure process. You can contact our security team at:
- Provide a detailed description of the issue, including steps to reproduce it if possible.
- Do not disclose the vulnerability publicly until we have confirmed and patched the issue.
- If you believe the issue has critical severity, please indicate so in your report to help us prioritize.
- We will acknowledge your report within 2 business days.
- We will work to verify and address the issue as quickly as possible.
- Once the issue is resolved, we will notify you of the fix.
We are happy to credit those who report vulnerabilities responsibly in our release notes, unless you prefer to remain anonymous. If you would like to be acknowledged, please include this in your report.
Thank you for helping to make Kestra more secure!