forked from TrueCloudLab/distribution
ba4a6bbe02
Microsoft has updated the golang Azure SDK significantly. Update the azure storage driver to use the new SDK. Add support for client secret and MSI authentication schemes in addition to shared key authentication. Implement rootDirectory support for the azure storage driver to mirror the S3 driver. Signed-off-by: Kirat Singh <kirat.singh@beacon.io> Co-authored-by: Cory Snider <corhere@gmail.com>
19 lines
875 B
Markdown
19 lines
875 B
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
As of February 2022 (and until this document is updated), the latest version `v4` is supported.
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
If you think you found a vulnerability, and even if you are not sure, please report it to jwt-go-security@googlegroups.com or one of the other [golang-jwt maintainers](https://github.com/orgs/golang-jwt/people). Please try be explicit, describe steps to reproduce the security issue with code example(s).
|
|
|
|
You will receive a response within a timely manner. If the issue is confirmed, we will do our best to release a patch as soon as possible given the complexity of the problem.
|
|
|
|
## Public Discussions
|
|
|
|
Please avoid publicly discussing a potential security vulnerability.
|
|
|
|
Let's take this offline and find a solution first, this limits the potential impact as much as possible.
|
|
|
|
We appreciate your help!
|