Security: Difference between revisions
Jump to navigation
Jump to search
(Created page with "If you have details of a suspected security vulnerability in Lustre code that you wish to report then please [mailto:[email protected] email us] with the details.") |
No edit summary |
||
| Line 1: | Line 1: | ||
If you have details of a suspected security vulnerability in Lustre code that you wish to report then please [mailto:[email protected] email us] with the details. | If you have details of a suspected security vulnerability in Lustre code that you wish to report then please [mailto:[email protected] email us] with the details. | ||
Please do not file a public JIRA issue for a vulnerability - we do not want to draw attention to the vulnerability until users have been alerted and have had some time to put a mitigation in place. | |||
Ideally the reporting email should have as much detail as possible: | |||
-reproducer, versions affected, fix if available, etc. | |||
-indicate to whom (individual and/or affiliation) that credit for finding the issue should be reported | |||
-details of any CVE already reserved | |||
-your intentions around disclosing the details of the vulnerability | |||
We aim to respond to any such reports within three days of receipt. | |||
Revision as of 17:19, 8 February 2024
If you have details of a suspected security vulnerability in Lustre code that you wish to report then please email us with the details.
Please do not file a public JIRA issue for a vulnerability - we do not want to draw attention to the vulnerability until users have been alerted and have had some time to put a mitigation in place.
Ideally the reporting email should have as much detail as possible:
-reproducer, versions affected, fix if available, etc. -indicate to whom (individual and/or affiliation) that credit for finding the issue should be reported -details of any CVE already reserved -your intentions around disclosing the details of the vulnerability
We aim to respond to any such reports within three days of receipt.