This repository is a collaborative effort to make deployment of migrid as smooth as possible, and we maintainers release versions we deem suitable for production use with a Stable-DATE marker. We do not set or guarantee specific lifetimes for such releases but do our best to support the use and provide any security updates needed. We will announce any critical issues and specifically mark any known affected releases as such in the table below.

We run this project as a non-profit collaboration and do NOT offer bug bounties, but appreciate reports about potential/confirmed security issues.

Please report any such findings in the Discussions section and/or open Pull requests to help fix such issues. In case the implications of the issues are considered to critical to disclose you may contact us directly as described elsewhere. We will strive to announce the resulting analysis and updates in releases here.

Any security issues in the underlying migrid software should be reported as described in the corresponding ucphhpc/migrid-sync repo.

Any security reports about specific deployments of docker-migrid on sites at UCPH or AU should go to the relevant site owners. E.g. as described in the security section on https://erda.ku.dk and https://sif.ku.dk .