The bf2fc6cc711aee1a0c2a team and community take all security bugs very seriously. You can find our guidelines here regarding our policy and security disclosure.

Please report any security issues to Red Hat's Product Security team directly, by following the instructions here:

https://access.redhat.com/security/team/contact/

bf2fc6cc711aee1a0c2a is built on top of many other open source projects (like Strimzi, Apache Kafka, OpenShift, Quarkus, and more!), most of them not under the direct responsibility of the bf2fc6cc711aee1a0c2a team. If you find a security bug possibly rooted in one of these projects; you can either disclose the issue to them directly, or disclose it to Red Hat's Product Security team (following the above-linked process) and they will responsibly disclose the issue to the respective project maintainer.

Due to the sensitive nature of security bugs, the disclosure process is more constrained than a regular bug. We appreciate you following these industry accepted guidelines, which gives time for a proper fix and limit the time window of attack.