ceph/doc/security/index.rst

==========
 Security
==========

.. toctree::
   :maxdepth: 1

   Past Vulnerabilities / CVEs <cves>
   Vulnerability Management Process <process>

Reporting a vulnerability
=========================

To report a vulnerability, please send email to `security@ceph.io
<security@ceph.io>`_.

* Please do not file a public ceph tracker issue for a vulnerability.
* We urge reporters to provide as much information as is practicable
  (a reproducer, versions affected, fix if available, etc.), as this
  can speed up the process considerably.
* Please let us know to whom credit should be given and with what
  affiliations.
* If this issue is not yet disclosed publicly and you have any
  disclosure date in mind, please share the same along with the
  report.

Although you are not required to, you may encrypt your message using 
the following GPG key:

**6EEF26FFD4093B99: Ceph Security Team (security@ceph.io)**

| **Download:** `MIT PGP Public Key Server <https://pgp.mit.edu/pks/lookup?op=vindex&search=0x6EEF26FFD4093B99>`_
| **Fingerprint:** A527 D019 21F9 7178 C232 66C1 6EEF 26FF D409 3B99


Supported versions
==================

Security updates are applied only to the current `Active Releases`_.


.. _Active Releases: https://docs.ceph.com/en/latest/releases/#active-releases
doc/security: add security section - how to report an issue - describe process for handling vulnerability - list past issues Signed-off-by: Sage Weil <sage@newdream.net> 2021-04-01 14:14:12 +00:00			`==========`
			`Security`
			`==========`

doc/security: restructure a bit Signed-off-by: Sage Weil <sage@newdream.net> 2021-03-31 16:57:31 +00:00			`.. toctree::`
			`:maxdepth: 1`
doc/security: add security section - how to report an issue - describe process for handling vulnerability - list past issues Signed-off-by: Sage Weil <sage@newdream.net> 2021-04-01 14:14:12 +00:00
doc/security: restructure a bit Signed-off-by: Sage Weil <sage@newdream.net> 2021-03-31 16:57:31 +00:00			`Past Vulnerabilities / CVEs <cves>`
			`Vulnerability Management Process <process>`
doc/security: add security section - how to report an issue - describe process for handling vulnerability - list past issues Signed-off-by: Sage Weil <sage@newdream.net> 2021-04-01 14:14:12 +00:00
			`Reporting a vulnerability`
			`=========================`

			To report a vulnerability, please send email to `security@ceph.io
			<security@ceph.io>`_.

			`* Please do not file a public ceph tracker issue for a vulnerability.`
			`* We urge reporters to provide as much information as is practicable`
			`(a reproducer, versions affected, fix if available, etc.), as this`
			`can speed up the process considerably.`
			`* Please let us know to whom credit should be given and with what`
			`affiliations.`
			`* If this issue is not yet disclosed publicly and you have any`
			`disclosure date in mind, please share the same along with the`
			`report.`

doc: Add GPG Keys Replaced my GPG key with ceph.com and David's GPG keys Signed-off-by: Hardik Vyas <hvyas@redhat.com> 2021-04-09 11:41:26 +00:00			`Although you are not required to, you may encrypt your message using`
doc/security: Add single GPG key in lieu of existing three GPG keys Replace existing three GPG keys with new Ceph Security Team GPG key Signed-off-by: Hardik Vyas <hvyas@redhat.com> 2021-05-18 12:13:53 +00:00			`the following GPG key:`
doc: Add GPG Keys Replaced my GPG key with ceph.com and David's GPG keys Signed-off-by: Hardik Vyas <hvyas@redhat.com> 2021-04-09 11:41:26 +00:00
doc/security: Add single GPG key in lieu of existing three GPG keys Replace existing three GPG keys with new Ceph Security Team GPG key Signed-off-by: Hardik Vyas <hvyas@redhat.com> 2021-05-18 12:13:53 +00:00			`6EEF26FFD4093B99: Ceph Security Team (security@ceph.io)`
doc: Add GPG Keys Replaced my GPG key with ceph.com and David's GPG keys Signed-off-by: Hardik Vyas <hvyas@redhat.com> 2021-04-09 11:41:26 +00:00
doc/security: Add single GPG key in lieu of existing three GPG keys Replace existing three GPG keys with new Ceph Security Team GPG key Signed-off-by: Hardik Vyas <hvyas@redhat.com> 2021-05-18 12:13:53 +00:00			\| Download: `MIT PGP Public Key Server <https://pgp.mit.edu/pks/lookup?op=vindex&search=0x6EEF26FFD4093B99>`_
			`\| Fingerprint: A527 D019 21F9 7178 C232 66C1 6EEF 26FF D409 3B99`
doc: Add GPG Keys Replaced my GPG key with ceph.com and David's GPG keys Signed-off-by: Hardik Vyas <hvyas@redhat.com> 2021-04-09 11:41:26 +00:00
doc/security: add security section - how to report an issue - describe process for handling vulnerability - list past issues Signed-off-by: Sage Weil <sage@newdream.net> 2021-04-01 14:14:12 +00:00
doc/security: restructure a bit Signed-off-by: Sage Weil <sage@newdream.net> 2021-03-31 16:57:31 +00:00			`Supported versions`
			`==================`
doc/security: add security section - how to report an issue - describe process for handling vulnerability - list past issues Signed-off-by: Sage Weil <sage@newdream.net> 2021-04-01 14:14:12 +00:00
doc: hard-code latest release link This commit does not exist in main. It will be forward ported once the release branches appropriately redirect /en/$release/releases to /en/latest/releases. Signed-off-by: Patrick Donnelly <pdonnell@redhat.com> (cherry picked from commit 01986dffbd8caf366e328f7ab4650cbb76663d3e) 2022-11-15 20:03:46 +00:00			Security updates are applied only to the current `Active Releases`_.


			`.. _Active Releases: https://docs.ceph.com/en/latest/releases/#active-releases`