Fastly welcomes security reports and is committed to providing prompt attention to security issues. Security issues should be reported privately via Fastly’s security issue reporting process.
Remediation of security vulnerabilities is prioritized. The project team endeavors to coordinate remediation with third-party stakeholders, and is committed to transparency in the disclosure process. The team announces security issues via release notes as well as the RustSec advisory database (i.e. cargo-audit
) on a best-effort basis.
Note that communications related to security issues in Fastly-maintained OSS as described here are distinct from Fastly Security Advisories.