summaryrefslogtreecommitdiffstats
path: root/doc/security/index.rst
diff options
context:
space:
mode:
Diffstat (limited to 'doc/security/index.rst')
-rw-r--r--doc/security/index.rst44
1 files changed, 44 insertions, 0 deletions
diff --git a/doc/security/index.rst b/doc/security/index.rst
new file mode 100644
index 000000000..682d73d24
--- /dev/null
+++ b/doc/security/index.rst
@@ -0,0 +1,44 @@
+:orphan:
+
+==========
+ Security
+==========
+
+.. toctree::
+ :maxdepth: 1
+
+ Past Vulnerabilities / CVEs <cves>
+ Vulnerability Management Process <process>
+
+Reporting a vulnerability
+=========================
+
+To report a vulnerability, please send email to `security@ceph.io
+<security@ceph.io>`_.
+
+* Please do not file a public ceph tracker issue for a vulnerability.
+* We urge reporters to provide as much information as is practicable
+ (a reproducer, versions affected, fix if available, etc.), as this
+ can speed up the process considerably.
+* Please let us know to whom credit should be given and with what
+ affiliations.
+* If this issue is not yet disclosed publicly and you have any
+ disclosure date in mind, please share the same along with the
+ report.
+
+Although you are not required to, you may encrypt your message using
+the following GPG key:
+
+**6EEF26FFD4093B99: Ceph Security Team (security@ceph.io)**
+
+| **Download:** `MIT PGP Public Key Server <https://pgp.mit.edu/pks/lookup?op=vindex&search=0x6EEF26FFD4093B99>`_
+| **Fingerprint:** A527 D019 21F9 7178 C232 66C1 6EEF 26FF D409 3B99
+
+
+Supported versions
+==================
+
+Security updates are applied only to the current `Active Releases`_.
+
+
+.. _Active Releases: https://docs.ceph.com/en/latest/releases/#active-releases