How to report security issues to OpenStack — OpenStack Security Advisories 0.0.1.dev286 documentation
<!DOCTYPE html> <html lang="en" data-content_root="./"> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" /> <title>How to report security issues to OpenStack — OpenStack Security Advisories 0.0.1.dev286 documentation</title> <link rel="stylesheet" type="text/css" href="_static/pygments.css?v=639405c8" /> <link rel="stylesheet" type="text/css" href="_static/basic.css?v=fb9458d3" /> <script src="_static/documentation_options.js?v=84aa02c6"></script> <script src="_static/doctools.js?v=9a2dae69"></script> <script src="_static/sphinx_highlight.js?v=dc90522c"></script> <link rel="search" title="Search" href="search.html" /> <link rel="next" title="Repositories Overseen" href="repos-overseen.html" /> <link rel="prev" title="OpenStack Security" href="index.html" /> <meta name="viewport" content="width=device-width, initial-scale=1"> <!-- Bootstrap CSS --> <link href="_static/css/bootstrap.min.css" rel="stylesheet"> <!-- Fonts --> <link href="_static/css/font-awesome.min.css" rel="stylesheet"> <!-- Custom CSS --> <link href="_static/css/combined.css" rel="stylesheet"> <!-- Search CSS --> <link href="_static/css/search.css" rel="stylesheet"> <!-- Pygments CSS --> <link href="_static/pygments.css" rel="stylesheet"> <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries --> <!-- WARNING: Respond.js doesn't work if you view the page via file:// --> <!--[if lt IE 9]> <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script> <script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script> <![endif]--> <!-- Google Analytics --> <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) 
})(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-17511903-1', 'auto'); ga('send', 'pageview'); </script> <!-- End Google Analytics --> </head><body> <!-- SOURCE_FILE: https://opendev.org/openstack/ossa/src/doc/source/reporting.rst --> <div class="container docs-book-wrapper"> <div class="row"> <div class="col-lg-9 col-md-8 col-sm-8 col-lg-push-3 col-md-push-4 col-sm-push-4"> <div class="row docs-title"> <div class="col-lg-8"> <h1>How to report security issues to OpenStack</h1> </div> <div class="docs-actions"> <a href="index.html"><i class="fa
fa-angle-double-left" data-toggle="tooltip" data-placement="top" title="Previous: OpenStack Security"></i></a> <a href="repos-overseen.html"><i class="fa fa-angle-double-right" data-toggle="tooltip" data-placement="top" title="Next: Repositories Overseen"></i></a> <a id="logABugLink1" href="" target="_blank" title="Found an error? Report a bug against this page"><i class="fa fa-bug" data-toggle="tooltip" data-placement="top" title="Report a Bug"></i></a> </div> </div> <div class="row"> <div class="col-lg-12"> <div class="docs-body" role="main"> <section id="how-to-report-security-issues-to-openstack"> <h1>How to report security issues to OpenStack<a class="headerlink" href="#how-to-report-security-issues-to-openstack" title="Link to this heading">¶</a></h1> <p>If you think you’ve identified a vulnerability, please work with us to rectify and disclose the issue together. We provide two ways to report issues to the OpenStack Vulnerability Management Team depending on how sensitive the issue is:</p> <ul class="simple"> <li><p>Check the project’s documentation to determine where it receives bug reports. If the project uses <a class="reference external" href="https://storyboard.openstack.org/">https://storyboard.openstack.org/</a>, log in and create a new story, making sure to check both the <strong>Private</strong> and <strong>Vulnerability or Security-related</strong> checkboxes and to select the relevant project for the initial task before saving. If the project uses <a class="reference external" href="https://bugs.launchpad.net/">https://bugs.launchpad.net/</a>, find the project there, log in, click the ‘Report a bug’ link at the right, fill in the ‘Summary’ and ‘Further information’ fields describing the issue, then click the ‘This bug is a security vulnerability’ checkbox near the bottom of the page before submitting it. 
This will make the bug Private and accessible only to the Vulnerability Management Team.</p></li> <li><p>If the issue is extremely sensitive or you’re otherwise unable to use the bug tracker directly, please send an E-mail message to one or more of the <a class="reference internal" href="vmt.html"><span class="doc">Vulnerability Management Team</span></a>’s members. You’re encouraged to encrypt your message to the recipients’ OpenPGP keys; mail headers such as the subject line may remain unencrypted, so keep the details of the issue in the message body.</p></li> </ul> <div class="admonition note"> <p class="admonition-title">Note</p> <p>All private reports of suspected vulnerabilities are embargoed for a maximum of 90 days. Unless unusual circumstances arise, any defect reported in private will be made public within 90 calendar days from when it is received, even if a solution has not been identified.</p> </div> </section> </div> </div> </div> <div class="docs-actions"> <a href="index.html"><i class="fa fa-angle-double-left" data-toggle="tooltip" data-placement="top" title="Previous: OpenStack Security"></i></a> <a href="repos-overseen.html"><i class="fa fa-angle-double-right" data-toggle="tooltip" data-placement="top" title="Next: Repositories Overseen"></i></a> <a id="logABugLink3" href="" target="_blank" title="Found an error? Report a bug against this page"><i class="fa fa-bug" data-toggle="tooltip" data-placement="top" title="Report a Bug"></i></a> </div> <div class="row docs-byline bottom"> <div class="docs-updated">this page last updated: 2024-02-27 17:10:09</div> </div> <div class="row"> <div class="col-lg-8 col-md-8 col-sm-8 docs-license"> <a href="https://creativecommons.org/licenses/by/3.0/"> <img src="_static/images/docs/license.png" alt="Creative Commons Attribution 3.0 License"/> </a> <p> Except where otherwise noted, this document is licensed under <a href="https://creativecommons.org/licenses/by/3.0/">Creative Commons Attribution 3.0 License</a>. See all <a href="https://www.openstack.org/legal"> OpenStack Legal Documents</a>. 
</p> </div> </div> </div> </div> </div> <!-- jQuery --> <script src="_static/js/jquery-3.2.1.min.js"></script> <!-- Bootstrap JavaScript --> <script src="_static/js/bootstrap.min.js"></script> <!-- The rest of the JS --> <script src="_static/js/navigation.js"></script> <!-- Docs JS --> <script src="_static/js/docs.js"></script> <!-- Javascript for page --> <script> /* Build a description of this page including SHA, source location on git * repo, build time and the project's launchpad bug tag. Set the HREF of the * bug buttons */ var lineFeed = "%0A"; var gitURL = "Source: Can't derive source file URL"; /* there have been cases where "pagename" wasn't set; better check for it */ /* "giturl" is the URL of the source file on Git and is auto-generated by * openstackdocstheme. * * "pagename" is a standard sphinx parameter containing the name of * the source file, without extension. */ var sourceFile = "reporting" + ".rst"; gitURL = "Source: https://opendev.org/openstack/ossa/src/doc/source" + "/" + sourceFile; /* gitsha, project and bug_tag rely on variables in conf.py */ var gitSha = "SHA: 5b69c6e109ced7ab885f8b8c0478ea13211f2ff9"; var repositoryName = "openstack/ossa"; var bugProject = "ossa"; var bugTitle = "How to report security issues to OpenStack in OpenStack Security Advisories"; var fieldTags = ""; var useStoryboard = ""; /* "last_updated" is the build date and time. It relies on the conf.py variable "html_last_updated_fmt", which should include year/month/day as well as hours and minutes */ var buildstring = "Release: 0.0.1.dev286 on 2024-02-27 17:10:09"; var fieldComment = encodeURI(buildstring) + lineFeed + encodeURI(gitSha) + lineFeed + encodeURI(gitURL) ; logABug(bugTitle, bugProject, fieldComment, fieldTags, repositoryName, useStoryboard); </script> </body> </html>