Reporting a vulnerability¶
Please do not report security issues using our public JIRA instance. Use the private mailing list described below.
If you believe you’ve found a security issue or a vulnerability, please send a description of it to our private mailing list at firstname.lastname@example.org
You are also encouraged to encrypt this email using PGP. Keys of our developers can be found at https://www.apache.org/dist/libcloud/KEYS.
Once you’ve submitted an issue, you should receive an acknowledgment from one our of team members in 48 hours or less. If further action is necessary, you may receive additional follow-up emails.
How are vulnerabilities handled?¶
We follow a standard Apache Software Foundation vulnerability handling process which is described at http://www.apache.org/security/committers.html#vulnerability-handling