summaryrefslogtreecommitdiffstats
path: root/doc/security/index.rst
blob: 9d158cb969911c4ed2fe34f7b47ad7d1d43f7d1c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
==========
 Security
==========

.. toctree::
   :maxdepth: 1

   Past Vulnerabilities / CVEs <cves>
   Vulnerability Management Process <process>

Reporting a vulnerability
=========================

To report a vulnerability, please send email to `security@ceph.io
<security@ceph.io>`_.

* Please do not file a public ceph tracker issue for a vulnerability.
* We urge reporters to provide as much information as is practicable
  (a reproducer, versions affected, fix if available, etc.), as this
  can speed up the process considerably.
* Please let us know to whom credit should be given and with what
  affiliations.
* If this issue is not yet disclosed publicly and you have any
  disclosure date in mind, please share the same along with the
  report.

Although you are not required to, you may encrypt your message using 
the following GPG key:

**6EEF26FFD4093B99: Ceph Security Team (security@ceph.io)**

| **Download:** `MIT PGP Public Key Server <https://pgp.mit.edu/pks/lookup?op=vindex&search=0x6EEF26FFD4093B99>`_
| **Fingerprint:** A527 D019 21F9 7178 C232 66C1 6EEF 26FF D409 3B99


Supported versions
==================

Security updates are applied only to the current `Active Releases`_.


.. _Active Releases: https://docs.ceph.com/en/latest/releases/#active-releases