We actively support the latest version of this project. Security updates will be provided for:

| Version | Supported |
|---|---|
| Latest | ✅ |
| < Latest | ❌ |

If you discover a security vulnerability, please do not open a public issue. Instead, please report it privately using one of the following methods:

Report it through the repository:

1. Go to the Security tab in the repository
2. Click on Report a vulnerability
3. Fill out the security advisory form

Or send an email to [INSERT YOUR EMAIL OR SECURITY EMAIL] with:

- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Suggested fix (if any)

After you submit a report:

- Acknowledgment: You will receive an acknowledgment within 48 hours
- Initial Assessment: We will provide an initial assessment within 7 days
- Updates: We will keep you informed of our progress
- Resolution: We will work to resolve the issue as quickly as possible

On disclosure:

- We will coordinate with you on the disclosure timeline
- Vulnerabilities will be disclosed after a fix is available
- You will be credited for the discovery (unless you prefer to remain anonymous)

When using this Docker registry:

- Use Strong Passwords: Generate passwords with at least 16 characters
- Enable TLS: Always use TLS in production environments
- Keep Updated: Regularly update the registry image for security patches
- Network Security: Restrict access using firewall rules and VPNs
- Regular Audits: Regularly review and rotate credentials and secrets
- This registry uses basic authentication (htpasswd). For production, consider additional security layers.
- TLS is recommended but not enforced by default - configure it for production use.
- The registry runs with default Docker Registry security settings - review and harden as needed for your use case.