At Kong, we take security issues very seriously. If you believe you have found a security vulnerability in our project, we encourage you to disclose it responsibly. Please report any potential security vulnerabilities to us by sending an email to vulnerability@konghq.com.

Enterprise customers can leverage the customer support channels to report the vulnerabilities.

1. Do not publicly disclose the vulnerability: Please do not create a GitHub issue or post the vulnerability on public forums. Instead, contact us directly at vulnerability@konghq.com.
2. Provide detailed information: When reporting a vulnerability, please include as much information as possible to help us understand and reproduce the issue. This may include:
   • Description of the vulnerability
   • Steps to reproduce the issue
   • Potential impact
   • Any relevant logs or screenshots

For any questions or further assistance, please contact us at vulnerability@konghq.com.