Security

Reporting a vulnerability

Note

Please do not report security issues using our public Github instance. Usethe private mailing list described below.

If you believe you’ve found a security issue or a vulnerability, please send adescription of it to our private mailing list at security@libcloud.apache.org

You are also encouraged to encrypt this email using PGP. Keys of our developerscan be found at https://www.apache.org/dist/libcloud/KEYS.

Once you’ve submitted an issue, you should receive an acknowledgment from oneour of team members in 48 hours or less. If further action is necessary, youmay receive additional follow-up emails.

How are vulnerabilities handled?

We follow a standard Apache Software Foundation vulnerability handling processwhich is described at http://www.apache.org/security/committers.html#vulnerability-handling