Google Git
Sign in
apache / cloudstack-www / 2ba7403f4cc24a0c867c8a5e52a96e4f87f741fb / . / content / security.html
blob: 7730385791e7d564d1925c51eae7383d943c6f73 [file] [log] [blame]
<!DOCTYPE html>
<html>
<head>
<title>Apache CloudStack: Open Source Cloud Computing</title>
<meta name="description" content="CloudStack is open source cloud computing software for creating, managing, and deploying infrastructure cloud services">
<meta itemprop="name" content="Apache Cloudstack">
<meta itemprop="description" content="CloudStack is open source cloud computing software for creating, managing, and deploying infrastructure cloud services">
<meta itemprop="image" content="https://cloudstack.apache.org/images/monkey-144.png">
<meta property="og:title" content="Apache Cloudstack">
<meta property="og:description" content="CloudStack is open source cloud computing software for creating, managing, and deploying infrastructure cloud services">
<meta property="og:site_name" content="Apache Cloudstack"/>
<meta property="og:image" content="https://cloudstack.apache.org/images/monkey-144.png">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="Apache Cloudstack">
<meta name="twitter:description" content="CloudStack is open source cloud computing software for creating, managing, and deploying infrastructure cloud services">
<meta name="twitter:image:src" content="https://cloudstack.apache.org/images/monkey-144.png">
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=1">
<link href="stylesheets/bootstrap.css" rel="stylesheet" media="screen">
<link href="stylesheets/font-awesome.css" rel="stylesheet">
<link href="stylesheets/bootswatch.min.css" rel="stylesheet">
<link href="stylesheets/custom.css" rel="stylesheet">
<link rel="shortcut icon" href="images/favicon.ico">
<link rel="icon" href="images/favicon.ico">
<!-- {% if headers.notice %}{{ headers.notice }}{% endif %} -->
<!-- Twitter Bootstrap and jQuery after this line. -->
<script src="https://code.jquery.com/jquery-latest.js"></script>
<script src="https://netdna.bootstrapcdn.com/bootstrap/3.0.0/js/bootstrap.min.js"></script>
<script>
$('.dropdown-toggle').dropdown();
$('.nav-collapse').collapse();
</script>
</head>
<body>
<div class="navbar navbar-default navbar-fixed-top">
<div class="container">
<div class="navbar-header">
<a href="index.html" class="navbar-brand"><img class="" src="images/new-logo-sm.png" style="width: 200px" alt="Apache Cloudstack"></a>
<button class="navbar-toggle collapsed" type="button" data-toggle="collapse" data-target="#navbar-main">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
</div>
<div class="navbar-collapse collapse" id="navbar-main">
<ul class="nav navbar-nav">
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" href="#" id="about">About <span class="caret"></span></a>
<ul class="dropdown-menu" aria-labelledby="about">
<li><a tabindex="-1" href="about.html">About</a></li>
<li class="divider"></li>
<li><a tabindex="-1" href="https://blogs.apache.org/cloudstack/" target="_blank">Blog<span class="glyphicon glyphicon-share-alt pull-right"></span></a></li>
<li><a tabindex="-1" href="history.html">History</a></li>
<li><a tabindex="-1" href="features.html">Features</a></li>
<li><a tabindex="-1" href="bylaws.html">Community Bylaws</a></li>
<li><a tabindex="-1" href="who.html">Who We Are</a></li>
<li><a tabindex="-1" href="security.html">Security</a></li>
</ul>
</li>
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" href="#" id="community">Community <span class="caret"></span></a>
<ul class="dropdown-menu" aria-labelledby="community">
<li><a tabindex="-1" href="contribute.html">Get Involved</a></li>
<li><a tabindex="-1" href="developers.html">Developers</a></li>
<li><a tabindex="-1" href="mailing-lists.html">Mailing Lists</a></li>
<li><a tabindex="-1" href="http://cloudstackcollab.org/" target="_blank">Events &amp; Meetups <span class="glyphicon glyphicon-share-alt pull-right"></span></a></li>
</ul>
</li>
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" href="#" id="users">Users <span class="caret"></span></a>
<ul class="dropdown-menu" aria-labelledby="users">
<li><a tabindex="-1" href="users.html">Known Users</a></li>
<li><a tabindex="-1" href="https://cwiki.apache.org/confluence/display/CLOUDSTACK/Case+Studies" target="_blank">Case Studies <span class="glyphicon glyphicon-share-alt pull-right"></span></a></li>
<li><a tabindex="-1" href="survey.html">Take Survey</a></li>
</ul>
</li>
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" href="#" id="usecases">Use Cases <span class="caret"></span></a>
<ul class="dropdown-menu" aria-labelledby="usecases">
<li><a tabindex="-1" href="cloud-builders.html">Cloud Builders</a></li>
<li><a tabindex="-1" href="kubernetes.html">Kubernetes</a></li>
</ul>
</li>
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" href="#" id="docs">Documentation <span class="caret"></span></a>
<ul class="dropdown-menu" aria-labelledby="docs">
<li><a tabindex="-1" href="http://docs.cloudstack.apache.org" target="_blank">CloudStack Documentation</span></a></li>
<li><a tabindex="-1" href="https://cwiki.apache.org/confluence/display/CLOUDSTACK/Home" target="_blank">Wiki</a></li>
<li><a tabindex="-1" href="https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+Books" target="_blank">Books</a></li>
<li><a tabindex="-1" href="api.html">API Documentation</a></li>
<li class="divider"></li>
<li><a tabindex="-1">Archived Documentation</a></li>
<li><a tabindex="-1" href="http://docs.cloudstack.apache.org/projects/archived-cloudstack-getting-started" target="_blank">&nbsp;&nbsp;&nbsp;Getting Started Docs</span></a></li>
<li><a tabindex="-1" href="http://docs.cloudstack.apache.org/projects/archived-cloudstack-installation" target="_blank">&nbsp;&nbsp;&nbsp;Installation Docs</a></li>
<li><a tabindex="-1" href="http://docs.cloudstack.apache.org/projects/archived-cloudstack-administration" target="_blank">&nbsp;&nbsp;&nbsp;Administration Docs</a></li>
<li><a tabindex="-1" href="http://docs.cloudstack.apache.org/projects/archived-cloudstack-release-notes" target="_blank">&nbsp;&nbsp;&nbsp;Release Notes</a></li>
</ul>
</li>
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" href="#" id="download">Download <span class="caret"></span></a>
<ul class="dropdown-menu" aria-labelledby="download">
<li><a tabindex="-1" href="downloads.html">CloudStack Releases</a></li>
<li><a tabindex="-1" href="downloads.html#cloudmonkey">CloudMonkey</a></li>
<li><a tabindex="-1" href="archives.html">Release Archive</a></li>
</ul>
</li>
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" href="#" id="apache">Apache <span class="caret"></span></a>
<ul class="dropdown-menu" aria-labelledby="apache">
<li><a tabindex="-1" href="http://apache.org">Apache Software Foundation</a></li>
<li><a tabindex="-1" href="http://www.apache.org/licenses/">License</a></li>
<li><a tabindex="-1" href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
<li><a tabindex="-1" href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
</ul>
</li>
</ul>
</div>
</div>
</div>
<div class="container">
<div class="bs-docs-section">
<div class="row">
<div class="col-lg-12">
<div class="page-header">
<h1 id="indicators">Apache CloudStack: Security</h1>
</div>
</div>
</div>
<p>The Apache CloudStack project understands that as a core infrastructure project, the application security of Apache CloudStack is of critical importance to the community and users.</p>
<h2 id="reporting-potential-vulnerabilities-in-apache-cloudstack">Reporting Potential Vulnerabilities in Apache CloudStack</h2>
<p>If you've found an issue that you believe is a security vulnerability in a released version of CloudStack, please report it to the <a href="http://www.apache.org/security/">ASF security team</a> via email to <a href="&#109;&#097;&#105;&#108;&#116;&#111;:&#115;&#101;&#099;&#117;&#114;&#105;&#116;&#121;&#064;&#097;&#112;&#097;&#099;&#104;&#101;&#046;&#111;&#114;&#103;">&#115;&#101;&#099;&#117;&#114;&#105;&#116;&#121;&#064;&#097;&#112;&#097;&#099;&#104;&#101;&#046;&#111;&#114;&#103;</a> with details about the vulnerability, how it might be exploited, and any additional information that might be useful.</p>
<p>Upon notification, the ASF security team will work with the CloudStack PMC through validation and fixing the issue. If the issue is validated, it generally takes 2-4 weeks from notification to public announcement of the vulnerability. During this time, the team will communicate with you as they proceed through the response procedure, and ask that the issue not be announced before an agreed-upon date.</p>
<p><strong>Please do not create publicly-viewable JIRA tickets related to the issue</strong>. If validated, a JIRA ticket with the security flag set will be created for tracking the issue in a non-public manner, and made public at the appropriate time.</p>
<h2 id="procedure-for-responding-to-potential-security-issues">Procedure for Responding to Potential Security Issues</h2>
<p>We're follow the Apache Security Team's procedures documented <a href="http://www.apache.org/security/committers.html">here</a>.</p>
<h2 id="for-further-information">For further information</h2>
<p>Further information about Apache CloudStack's security practices can be found in the <a href="https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+Security">CloudStack Security wiki page</a>.</p>
<footer>
<p>Copyright © 2020 The Apache Software Foundation, Licensed under the Apache License, Version 2.0. <br/>
"Apache", "CloudStack", "Apache CloudStack", the Apache CloudStack logo, the Apache CloudStack Cloud Monkey logo and the Apache feather logos are registered trademarks or trademarks of The Apache Software Foundation.</p>
<p><a href="/trademark-guidelines.html">Apache CloudStack Trademark Usage</a> - <a href="/bylaws.html">Apache CloudStack Community ByLaws</a></p>
</footer>
</div>
</div>
</div>
</body>
</html>