| Version | Supported |
|---|---|
| latest | Yes |
We only support the latest release. Please upgrade before reporting issues.
To report a security vulnerability, please open a GitHub issue with the label security. Include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
Note: This is an open-source project maintained on a best-effort basis. There is no guaranteed response time or acknowledgment for security reports. We will address issues as capacity allows.
If you are a direct customer of Natron Tech AG, you can submit service requests through your existing support channels for guaranteed response times.
cainjekt runs as a privileged DaemonSet with access to the container runtime. Security-relevant areas include:
- CA file injection: symlink protection, atomic writes, file permission handling
- OCI hook execution: runs inside the container's mount namespace with access to the rootfs
- NRI plugin: communicates with containerd over a Unix socket
- Wrapper binary: prepended to container entrypoints, must fail-open safely
Once a fix is released, we will:
- Publish a GitHub Security Advisory
- Credit the reporter (unless they prefer anonymity)
- Tag a new release with the fix