2021-04-01 14:14:12 +00:00
|
|
|
==========
|
|
|
|
Security
|
|
|
|
==========
|
|
|
|
|
2021-03-31 16:57:31 +00:00
|
|
|
.. toctree::
|
|
|
|
:maxdepth: 1
|
2021-04-01 14:14:12 +00:00
|
|
|
|
2021-03-31 16:57:31 +00:00
|
|
|
Past Vulnerabilities / CVEs <cves>
|
|
|
|
Vulnerability Management Process <process>
|
2021-04-01 14:14:12 +00:00
|
|
|
|
|
|
|
Reporting a vulnerability
|
|
|
|
=========================
|
|
|
|
|
|
|
|
To report a vulnerability, please send email to `security@ceph.io
|
|
|
|
<security@ceph.io>`_.
|
|
|
|
|
|
|
|
* Please do not file a public ceph tracker issue for a vulnerability.
|
|
|
|
* We urge reporters to provide as much information as is practicable
|
|
|
|
(a reproducer, versions affected, fix if available, etc.), as this
|
|
|
|
can speed up the process considerably.
|
|
|
|
* Please let us know to whom credit should be given and with what
|
|
|
|
affiliations.
|
|
|
|
* If this issue is not yet disclosed publicly and you have any
|
|
|
|
disclosure date in mind, please share the same along with the
|
|
|
|
report.
|
|
|
|
|
2021-04-09 11:41:26 +00:00
|
|
|
Although you are not required to, you may encrypt your message using
|
2021-05-18 12:13:53 +00:00
|
|
|
the following GPG key:
|
2021-04-09 11:41:26 +00:00
|
|
|
|
2021-05-18 12:13:53 +00:00
|
|
|
**6EEF26FFD4093B99: Ceph Security Team (security@ceph.io)**
|
2021-04-09 11:41:26 +00:00
|
|
|
|
2021-05-18 12:13:53 +00:00
|
|
|
| **Download:** `MIT PGP Public Key Server <https://pgp.mit.edu/pks/lookup?op=vindex&search=0x6EEF26FFD4093B99>`_
|
|
|
|
| **Fingerprint:** A527 D019 21F9 7178 C232 66C1 6EEF 26FF D409 3B99
|
2021-04-09 11:41:26 +00:00
|
|
|
|
2021-04-01 14:14:12 +00:00
|
|
|
|
2021-03-31 16:57:31 +00:00
|
|
|
Supported versions
|
|
|
|
==================
|
2021-04-01 14:14:12 +00:00
|
|
|
|
2021-03-31 16:57:31 +00:00
|
|
|
Security updates are applied only to the current :ref:`active-releases`.
|