Please do not open issues or pull requests if you believe you have discovered a vulnerability in the tooling contained in this repository.

Please instead report the vulnerability here https://github.com/envoyproxy/toolshed/security/advisories and we will consider the validity and impact.

In the event that we believe a tooling vulnerability might have an impact on the Envoy proxy build process we will escalate the issue to the Envoy security team ([email protected]), and in this case the vulnerability will be handled according to Envoy's security process as set out here https://github.com/envoyproxy/envoy/blob/main/SECURITY.md.