Security: Difference between revisions
Jump to navigation
Jump to search
m (minor edits) |
m (Protected "Security" ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite))) |
(No difference)
|
Latest revision as of 06:15, 9 February 2024
If you have details of a suspected security vulnerability in Lustre code that you wish to report then please email us at [email protected] with the details.
Please do not file a public JIRA issue for a security vulnerability - we do not want to draw attention to the vulnerability until a fix has been developed and administrators have been alerted and have had some time to put a mitigation in place.
Ideally the reporting email should have as much detail as possible:
- reproducer, versions affected, fix if available, etc.
- indicate to whom (individual and/or affiliation) that credit for finding the issue should be reported
- details of any CVE already reserved
- your intentions around disclosing the details of the vulnerability
We aim to respond to any such reports within three business days of receipt.