Reporting a vulnerability¶
To report a vulnerability, please send email to email@example.com.
Please do not file a public ceph tracker issue for a vulnerability.
We urge reporters to provide as much information as is practicable (a reproducer, versions affected, fix if available, etc.), as this can speed up the process considerably.
Please let us know to whom credit should be given and with what affiliations.
If this issue is not yet disclosed publicly and you have any disclosure date in mind, please share the same along with the report.
Although you are not required to, you may encrypt your message using the following GPG key:
6EEF26FFD4093B99: Ceph Security Team (firstname.lastname@example.org)
Security updates are applied only to the current Active Releases.