| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |
We take the security of OtelKit seriously. If you believe you have found a security vulnerability, please report it to us as described below.
We ask that you do not use public channels to report security vulnerabilities.
Please report security vulnerabilities by email:
- Email: [email protected] (replace with actual security contact)
- You should receive a response within 48 hours
We prefer all communications to be in English.
OtelKit uses the OpenTelemetry Go SDK. Please also review:
OtelKit handles tracing data which may contain:
- Service names and metadata
- Request/response information
- Potentially sensitive operation names
- Timing information
- Use secure connections for OTLP exporters (disable insecure mode in production)
- Validate configurations to prevent misconfiguration
- Keep dependencies updated with security patches
- Monitor for security advisories in OpenTelemetry dependencies
We regularly update dependencies to address security vulnerabilities. You can check current dependencies with:
go list -m allSecurity updates will be released as patch versions (e.g., 1.0.1, 1.0.2). Critical security fixes may receive backports to previous major versions.
We would like to thank security researchers and users who report vulnerabilities to us. Your efforts help make OtelKit more secure for everyone.