OpenStack Security — OpenStack Security Advisories 0.0.1.dev286 documentation
<!DOCTYPE html> <html lang="en" data-content_root="./"> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> <title>OpenStack Security — OpenStack Security Advisories 0.0.1.dev286 documentation</title> <link rel="stylesheet" type="text/css" href="_static/pygments.css?v=639405c8" /> <link rel="stylesheet" type="text/css" href="_static/basic.css?v=fb9458d3" /> <script src="_static/documentation_options.js?v=84aa02c6"></script> <script src="_static/doctools.js?v=9a2dae69"></script> <script src="_static/sphinx_highlight.js?v=dc90522c"></script> <link rel="search" title="Search" href="search.html" /> <link rel="next" title="How to report security issues to OpenStack" href="reporting.html" /> <meta name="viewport" content="width=device-width, initial-scale=1"> <!-- Bootstrap CSS --> <link href="_static/css/bootstrap.min.css" rel="stylesheet"> <!-- Fonts --> <link href="_static/css/font-awesome.min.css" rel="stylesheet"> <!-- Custom CSS --> <link href="_static/css/combined.css" rel="stylesheet"> <!-- Search CSS --> <link href="_static/css/search.css" rel="stylesheet"> <!-- Pygments CSS --> <link href="_static/pygments.css" rel="stylesheet"> </head><body> <!-- SOURCE_FILE: https://opendev.org/openstack/ossa/src/doc/source/index.rst --> <div class="container docs-book-wrapper"> <div class="row"> <div class="col-lg-9 col-md-8 col-sm-8 col-lg-push-3 col-md-push-4 col-sm-push-4"> <div class="row docs-title"> <div class="col-lg-8"> <h1>OpenStack Security</h1> </div> <div class="docs-actions"> <a href="reporting.html"><i class="fa fa-angle-double-right" 
data-toggle="tooltip" data-placement="top" title="Next: How to report security issues to OpenStack"></i></a> <a id="logABugLink1" href="" target="_blank" title="Found an error? Report a bug against this page"><i class="fa fa-bug" data-toggle="tooltip" data-placement="top" title="Report a Bug"></i></a> </div> </div> <div class="row"> <div class="col-lg-12"> <div class="docs-body" role="main"> <section id="openstack-security"> <h1>OpenStack Security<a class="headerlink" href="#openstack-security" title="Link to this heading">¶</a></h1> <div class="toctree-wrapper compound"> </div> <p>Security is a fundamental goal of the OpenStack architecture and needs to be addressed at all layers of the stack. As in any complex, evolving system, security has to be vigilantly pursued and exposures eliminated. We need your help.</p> <p>OpenStack has two mechanisms for communicating security information to downstream stakeholders: “Advisories” and “Notes”. OpenStack Security Advisories (OSSA) are created to deal with severe security issues in OpenStack for which a fix is available; OSSAs are issued by the OpenStack Vulnerability Management Team (VMT). 
OpenStack Security Notes (OSSN) are used for security issues which do not qualify for an advisory, typically design issues, deployment and configuration vulnerabilities.</p> <section id="how-to-report-security-issues-to-openstack"> <h2>How to report security issues to OpenStack<a class="headerlink" href="#how-to-report-security-issues-to-openstack" title="Link to this heading">¶</a></h2> <p>For detailed vulnerability reporting instructions, see <a class="reference internal" href="reporting.html"><span class="doc">How to report security issues to OpenStack</span></a>.</p> <section id="vulnerability-management-team"> <span id="vulnerability-management"></span><span id="openstack-security-project"></span><span id="id1"></span><h3>Vulnerability Management Team<a class="headerlink" href="#vulnerability-management-team" title="Link to this heading">¶</a></h3> <p>See <a class="reference internal" href="vmt.html"><span class="doc">Vulnerability Management Team</span></a> for the list of OpenStack Vulnerability Managers.</p> </section> </section> <section id="security-information-for-openstack-deployers"> <h2>Security information for OpenStack deployers<a class="headerlink" href="#security-information-for-openstack-deployers" title="Link to this heading">¶</a></h2> <p>The main sources of security guidance for OpenStack deployers are:</p> <ul class="simple"> <li><p>OpenStack Security Advisories (OSSA)</p></li> <li><p>OpenStack Security Notes (OSSN)</p></li> <li><p>OpenStack Security Guide</p></li> </ul> <section id="openstack-security-advisories-ossa"> <h3>OpenStack Security Advisories (OSSA)<a class="headerlink" href="#openstack-security-advisories-ossa" title="Link to this heading">¶</a></h3> <p>Recent OSSAs:</p> <div class="toctree-wrapper compound"> <ul> <li class="toctree-l1"><a class="reference internal" href="ossa/OSSA-2024-004.html">OSSA-2024-004: Ironic fails to verify checksums of supplied image_source URLs when configured to convert images to raw for 
streaming</a></li> <li class="toctree-l1"><a class="reference internal" href="ossa/OSSA-2024-003.html">OSSA-2024-003: Unvalidated image data passed to qemu-img</a></li> <li class="toctree-l1"><a class="reference internal" href="ossa/OSSA-2024-002.html">OSSA-2024-002: Incomplete file access fix and regression for QCOW2 backing files and VMDK flat descriptors</a></li> <li class="toctree-l1"><a class="reference internal" href="ossa/OSSA-2024-001.html">OSSA-2024-001: Arbitrary file access through custom QCOW2 external data</a></li> <li class="toctree-l1"><a class="reference internal" href="ossa/OSSA-2023-003.html">OSSA-2023-003: Unauthorized volume access through deleted volume attachments</a></li> </ul> </div> <p>You can find the complete list of published advisories here:</p> <div class="toctree-wrapper compound"> <ul> <li class="toctree-l1"><a class="reference internal" href="ossalist.html">OpenStack Security Advisories</a></li> </ul> </div> </section> <section id="openstack-security-notes"> <h3>OpenStack Security Notes<a class="headerlink" href="#openstack-security-notes" title="Link to this heading">¶</a></h3> <p>Security Notes advise users of security related issues. Security notes are similar to advisories; they often address vulnerabilities in third party tools typically used within OpenStack deployments and provide guidance on common configuration mistakes that can result in an insecure operating environment.</p> <p>The complete set of <a class="reference external" href="https://wiki.openstack.org/wiki/Security_Notes">security notes</a> is available online, but they are also published on the OpenStack mailing list when they are released.</p> </section> <section id="openstack-security-guide"> <h3>OpenStack Security Guide<a class="headerlink" href="#openstack-security-guide" title="Link to this heading">¶</a></h3> <p>The OpenStack Security Guide provides best practice information for OpenStack deployers. 
This guide was written by a community of security experts from the OpenStack Security Project, based on experience gained while hardening OpenStack deployments. The guide covers topics including compute and storage hardening, rate limiting, compliance, and cryptography; it is the starting point for anyone looking to securely deploy OpenStack.</p> <p>Read <a class="reference external" href="http://docs.openstack.org/sec/">the guide</a> online today.</p> </section> </section> <section id="security-information-for-openstack-developers"> <h2>Security information for OpenStack developers<a class="headerlink" href="#security-information-for-openstack-developers" title="Link to this heading">¶</a></h2> <section id="how-to-propose-and-review-a-security-patch"> <h3>How to propose and review a security patch<a class="headerlink" href="#how-to-propose-and-review-a-security-patch" title="Link to this heading">¶</a></h3> <div class="admonition note"> <p class="admonition-title">Note</p> <p>The patch development and review process for security patches is different from the process for normal patches in OpenStack. Because the Gerrit review process is public, patches for security bugs must be proposed and reviewed in the comments of the StoryBoard or Launchpad report.</p> </div> <p>After a patch for the reported bug has been developed locally, you, the patch author, need to share it with the community. 
This is a simple process, but it is different from the normal OpenStack workflow.</p> <ul> <li><p>Export it using the <cite>format-patch</cite> command:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">git</span> <span class="nb">format</span><span class="o">-</span><span class="n">patch</span> <span class="o">--</span><span class="n">stdout</span> <span class="n">HEAD</span><span class="o">~</span><span class="mi">1</span> <span class="o">></span><span class="n">path</span><span class="o">/</span><span class="n">to</span><span class="o">/</span><span class="n">local</span><span class="o">/</span><span class="n">file</span><span class="o">.</span><span class="n">patch</span> </pre></div> </div> <p>Now you have the patch saved locally and you can attach it in a comment on the bug page.</p> </li> <li><p>Reviewers: to review the attached patch, run the following command:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">git</span> <span class="n">am</span> <span class="o">&lt;</span><span class="n">path</span><span class="o">/</span><span class="n">to</span><span class="o">/</span><span class="n">local</span><span class="o">/</span><span class="n">file</span><span class="o">.</span><span class="n">patch</span> </pre></div> </div> <p>This applies the patch locally as a commit, including the commit message, author, date, and all other metadata. 
However, if the patch author did not use <cite>format-patch</cite> to export the patch (perhaps they only used <cite>git show >local.patch</cite>), then the patch can be applied locally with:</p> <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">git</span> <span class="n">apply</span> <span class="n">path</span><span class="o">/</span><span class="n">to</span><span class="o">/</span><span class="n">local</span><span class="o">/</span><span class="n">file</span><span class="o">.</span><span class="n">patch</span> </pre></div> </div> </li> </ul> </section> <section id="secure-development-guidelines"> <h3>Secure development guidelines<a class="headerlink" href="#secure-development-guidelines" title="Link to this heading">¶</a></h3> <p>The OpenStack security team have collaboratively developed this set of guidelines and best practices to help avoid common mistakes that lead to security vulnerabilities within the OpenStack platform.</p> <div class="toctree-wrapper compound"> <ul> <li class="toctree-l1"><a class="reference internal" href="guidelines/dg_apply-restrictive-file-permissions.html">Apply Restrictive File Permissions</a></li> <li class="toctree-l1"><a class="reference internal" href="guidelines/dg_avoid-dangerous-input-parsing-libraries.html">Avoid dangerous file parsing and object serialization libraries</a></li> <li class="toctree-l1"><a class="reference internal" href="guidelines/dg_avoid-shell-true.html">Python Pipes to Avoid Shells</a></li> <li class="toctree-l1"><a class="reference internal" href="guidelines/dg_avoid-unvalidated-redirects.html">Unvalidated URL redirect</a></li> <li class="toctree-l1"><a class="reference internal" href="guidelines/dg_cross-site-request-forgery-csrf.html">Use CSRF tokens to avoid CSRF attacks</a></li> <li class="toctree-l1"><a class="reference internal" href="guidelines/dg_cross-site-scripting-xss.html">Escape user input to prevent XSS attacks</a></li> <li 
class="toctree-l1"><a class="reference internal" href="guidelines/dg_move-data-securely.html">Use secure channels for transmitting data</a></li> <li class="toctree-l1"><a class="reference internal" href="guidelines/dg_parameterize-database-queries.html">Parameterize Database Queries</a></li> <li class="toctree-l1"><a class="reference internal" href="guidelines/dg_protect-sensitive-data-in-files.html">Protect sensitive data in config files from disclosure</a></li> <li class="toctree-l1"><a class="reference internal" href="guidelines/dg_rootwrap-recommendations-and-plans.html">Using Rootwrap in OpenStack</a></li> <li class="toctree-l1"><a class="reference internal" href="guidelines/dg_strong-crypto.html">Use Strong and Established Cryptographic Elements</a></li> <li class="toctree-l1"><a class="reference internal" href="guidelines/dg_use-oslo-rootwrap-securely.html">Use oslo rootwrap securely</a></li> <li class="toctree-l1"><a class="reference internal" href="guidelines/dg_use-subprocess-securely.html">Use subprocess securely</a></li> <li class="toctree-l1"><a class="reference internal" href="guidelines/dg_using-file-paths.html">Restrict path access to prevent path traversal</a></li> <li class="toctree-l1"><a class="reference internal" href="guidelines/dg_using-temporary-files-securely.html">Create, use, and remove temporary files securely</a></li> <li class="toctree-l1"><a class="reference internal" href="guidelines/dg_validate-certificates.html">Validate certificates on HTTPS connections to avoid man-in-the-middle attacks</a></li> </ul> </div> </section> </section> </section> </div> </div> </div> <div class="docs-actions"> <a href="reporting.html"><i class="fa fa-angle-double-right" data-toggle="tooltip" data-placement="top" title="Next: How to report security issues to OpenStack"></i></a> <a id="logABugLink3" href="" target="_blank" title="Found an error? 
Report a bug against this page"><i class="fa fa-bug" data-toggle="tooltip" data-placement="top" title="Report a Bug"></i></a> </div> <div class="row docs-byline bottom"> <div class="docs-updated">this page last updated: 2024-02-27 17:10:09</div> </div> <div class="row"> <div class="col-lg-8 col-md-8 col-sm-8 docs-license"> <a href="https://creativecommons.org/licenses/by/3.0/"> <img src="_static/images/docs/license.png" alt="Creative Commons Attribution 3.0 License"/> </a> <p> Except where otherwise noted, this document is licensed under <a href="https://creativecommons.org/licenses/by/3.0/">Creative Commons Attribution 3.0 License</a>. See all <a href="https://www.openstack.org/legal"> OpenStack Legal Documents</a>. </p> </div> </div> </div> </div> </div> </body> </html>