This document is for a development version of Ceph.


Reporting a vulnerability

To report a vulnerability, please send email to

  • Please do not file a public ceph tracker issue for a vulnerability.

  • We urge reporters to provide as much information as is practicable (a reproducer, versions affected, fix if available, etc.), as this can speed up the process considerably.

  • Please let us know to whom credit should be given and with what affiliations.

  • If this issue is not yet disclosed publicly and you have any disclosure date in mind, please share the same along with the report.

Although you are not required to, you may encrypt your message using the following GPG keys:

08B7 3419 AC32 B4E9 66C1 A330 E84A C2C0 460F 3994

A72E 2206 BC85 31EE 964B 6FF8 FF69 432F 307A 807F

CD64 14F0 E2A8 3D47 CBCD 2990 9827 12C0 12E8 8B35

Supported versions

Security updates are applied only to the current Active Releases.