Security: f5devcentral/openssl-pqc-stepbystep-lab

security.md

Security Policy

If you think there's a glaring issue, omission, or security problem with the content provided in this repository, please follow the steps below so we can triage accordingly.

Reporting a Vulnerability

We take security vulnerabilities seriously. If you discover a security issue, please follow these guidelines:

How to Report

DO NOT create a public GitHub issue for security vulnerabilities.

Instead, please report security issues by emailing devcentralteam (at) f5 dot com with the following information:

  • Description: A clear description of the vulnerability
  • Impact: The potential impact and severity
  • Steps to Reproduce: Detailed steps to reproduce the issue
  • Suggested Fix: If you have recommendations (optional)
  • Your Contact Information: So we can follow up with questions

What to Expect

After you submit a report, here's what happens:

  1. Acknowledgment: We'll acknowledge receipt as soon as possible
  2. Initial Assessment: We'll provide an initial assessment and respond to you
  3. Updates: We'll keep you informed as we investigate and develop a fix
  4. Resolution: We aim to release updates according to severity

Disclosure Policy

We practice coordinated disclosure:

  • We'll work with you to understand and validate the issue
  • We'll develop and test a fix
  • We'll notify affected users appropriately
  • We'll publicly disclose the vulnerability after a fix is available and users have had time to update (typically 30-90 days)
  • We'll credit you in our security advisory (unless you prefer to remain anonymous)

Security Best Practices

While using this project, we recommend:

  • Keep your dependencies up to date
  • Use the latest supported version
  • Monitor our security advisories for updates

Security Advisories

Security advisories are published at:

  • GitHub Security Advisories: [Link to your GitHub Security tab]
  • Mailing List: [Link to security mailing list if you have one]

Out of Scope

The following are explicitly out of scope for security reports:

  • Issues in outdated/unsupported versions
  • Social engineering attacks against our team
  • Theoretical vulnerabilities without proof of exploitation
  • Vulnerabilities in third-party dependencies (report those upstream)
  • Issues requiring extensive user interaction or extremely unlikely scenarios

Contact


Thank you for helping keep F5 DevCentral projects and our community safe!

There aren’t any published security advisories