Security

This document is to be considered a "work in progress" until this message is removed.

Reporting security issues

Please report any security issues you find in Gluster projects to: security at gluster.org

Anyone can post to this list. The subscribers are only trusted individuals who will handle the resolution of any reported security issues in confidence. In your report, please note how you would like to be credited for discovering the issue and the details of any embargo you would like to impose.

[need to check if this holds]

Currently, the security response teams for the following distributions are subscribed to this list and will respond to your report:

Fedora Red Hat

Handling security issues

If you represent a Gluster project or a distribution which packages Gluster projects, you are welcome to subscribe to the security at gluster.org mailing list. Your subscription will only be approved if you can demonstrate that you will handle issues in confidence and properly credit reporters for discovering issues. A second mailing list exists for discussion of embargoed security issues:

security-private at gluster.org

You will be invited to subscribe to this list if you are subscribed to security at gluster.org.

Security advisories

The security advisories page lists all security vulnerabilities fixed in Gluster.

[need to check if this holds]