Security

Report a vulnerability

SECURITY.md

Security Policy

Supported Versions

Version	Supported
1.19.x	✅
1.18.x	❌
1.17.x	❌
1.16.x	✅
<= 1.15.x	❌

Reporting a Vulnerability

Please post your vulnerability report from the following page: https://github.com/fluent/fluentd/security/advisories

Caution

In above contact form, we accept about ONLY Fluentd's vulnerability, in contrast, REJECT your vulnerability report about Fluentd derivative products such as fluent-package, Fluentd container images and Fluentd kubernetes deamonset images and so on. There are appropriate contact forms for every these derivative products. See the following notice.

Note

If you use fluent-package, please check fluent-package-builder and report it there.

Note

If you use a Docker image of Fluentd, please check Fluentd Docker Image and report it there.

Remote code execution due to insecure deserialization (in non-default configuration)
GHSA-fppq-mj76-fpj2 published Nov 2, 2022 by ashie

Low
ReDoS vulnerability in parser_apache2
GHSA-hwhf-64mh-r662 published Oct 29, 2021 by ashie

Moderate

Learn more about advisories related to fluent/fluentd in the GitHub Advisory Database