How can I get informed about security advisories?
We have set up an automated dependency management process for the upstream dependencies of our products. The engineering team is notified automatically and privately when security issues are found.
Depending on the criticality, fixes are deployed in the regular release cycle or shipped as a hot-fix, published as a security advisory on GitHub, and clients are informed.
Advisories are published on our GitHub repository: https://github.com/zitadel/zitadel/security/advisories