The EVE project maintains security support for the following versions:
| Version | Supported |
|---|---|
| master | ✅ |
| 14.5.x | ✅ |
| 13.4.x | ✅ |
| 12.0.x | ✅ |
| 11.0.x | ✅ |
| 10.4.x | ✅ |
| 9.4.x | |

If you discover a security vulnerability in EVE, please report it privately to maintain the security of all users. Do not create a public GitHub issue.
- Email: Send details to [email protected].
- GitHub Security Advisory: Use the private vulnerability reporting feature.
Please include the following information in your report:
- Description: Clear description of the vulnerability
- Steps to Reproduce: Detailed steps to reproduce the issue
- Impact Assessment: Your assessment of the potential impact
- Affected Versions: Which versions of EVE are affected
- Proof of Concept: If available, a proof-of-concept or exploit code
- Suggested Fix: A patch to fix the vulnerability
We are committed to responding to security vulnerability reports within 24 hours of receipt. The time required to develop a fix may vary depending on the severity. Any public disclosure will be coordinated with the reporter.
Security advisories will be published:
- On the EVE Security Advisories page.
- Through the LF Edge EVE mailing lists.
We recognize and appreciate the efforts of the security research community in helping make EVE more secure. Security researchers who responsibly disclose vulnerabilities will be acknowledged.
This security policy applies to:
- The main EVE repository (lf-edge/eve)
- Official EVE container images
- Official EVE releases and distributions
Additional information about our security model can be found in the EVE Security Architecture document.