blob: 9e0608ed5fb501b76781d8f31a83b4ef76107a0b [file] [log] [blame]
"use strict";(self.webpackChunkwebsite=self.webpackChunkwebsite||[]).push([[7087],{3905:(e,t,r)=>{r.d(t,{Zo:()=>p,kt:()=>d});var n=r(67294);function a(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function i(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,n)}return r}function o(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?i(Object(r),!0).forEach((function(t){a(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):i(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}function c(e,t){if(null==e)return{};var r,n,a=function(e,t){if(null==e)return{};var r,n,a={},i=Object.keys(e);for(n=0;n<i.length;n++)r=i[n],t.indexOf(r)>=0||(a[r]=e[r]);return a}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(n=0;n<i.length;n++)r=i[n],t.indexOf(r)>=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(a[r]=e[r])}return a}var u=n.createContext({}),l=function(e){var t=n.useContext(u),r=t;return e&&(r="function"==typeof e?e(t):o(o({},t),e)),r},p=function(e){var t=l(e.components);return n.createElement(u.Provider,{value:t},e.children)},s="mdxType",h={inlineCode:"code",wrapper:function(e){var t=e.children;return n.createElement(n.Fragment,{},t)}},f=n.forwardRef((function(e,t){var r=e.components,a=e.mdxType,i=e.originalType,u=e.parentName,p=c(e,["components","mdxType","originalType","parentName"]),s=l(r),f=a,d=s["".concat(u,".").concat(f)]||s[f]||h[f]||i;return r?n.createElement(d,o(o({ref:t},p),{},{components:r})):n.createElement(d,o({ref:t},p))}));function d(e,t){var r=arguments,a=t&&t.mdxType;if("string"==typeof e||a){var i=r.length,o=new Array(i);o[0]=f;var c={};for(var u in t)hasOwnProperty.call(t,u)&&(c[u]=t[u]);c.originalType=e,c[s]="string"==typeof e?e:a,o[1]=c;for(var l=2;l<i;l++)o[l]=r[l];return n.createElement.apply(null,o)}return n.createElement.apply(null,r)}f.displayName="MDXCreateElement"},41529:(e,t,r)=>{r.r(t),r.d(t,{contentTitle:()=>o,default:()=>s,frontMatter:()=>i,metadata:()=>c,toc:()=>u});var n=r(87462),a=(r(67294),r(3905));const i={title:"Apache CloudStack Security"},o=void 0,c={type:"mdx",permalink:"/security",source:"@site/src/pages/security.md",title:"Apache CloudStack Security",description:"Apache CloudStack: Security",frontMatter:{title:"Apache CloudStack Security"}},u=[],l={toc:u},p="wrapper";function s(e){let{components:t,...r}=e;return(0,a.kt)(p,(0,n.Z)({},l,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("h1",null,"Apache CloudStack: Security"),(0,a.kt)("p",null,"The Apache CloudStack project understands that as a core infrastructure project,\nthe application security of Apache CloudStack is of critical importance to the\ncommunity and users."),(0,a.kt)("h2",null,"Reporting Potential Vulnerabilities in Apache CloudStack"),(0,a.kt)("p",null,"If you've found an issue that you believe is a security vulnerability in a\nreleased version of CloudStack, please report it to the ",(0,a.kt)("a",{parentName:"p",href:"https://www.apache.org/security/"},"ASF security\nteam")," via email to\n",(0,a.kt)("a",{parentName:"p",href:"mailto:security@apache.org"},"security@apache.org")," with details about the\nvulnerability, how it might be exploited, and any additional information that\nmight be useful."),(0,a.kt)("p",null,"Upon notification, the ASF security team will work with the CloudStack PMC\nthrough validation and fixing the issue. If the issue is validated, it generally\ntakes 2-4 weeks from notification to public announcement of the vulnerability.\nDuring this time, the team will communicate with you as they proceed through the\nresponse procedure, and ask that the issue not be announced before an\nagreed-upon date."),(0,a.kt)("p",null,(0,a.kt)("strong",{parentName:"p"},"Please do not create publicly-viewable JIRA tickets related to the issue"),". If\nvalidated, a JIRA ticket with the security flag set will be created for tracking\nthe issue in a non-public manner, and made public at the appropriate time."),(0,a.kt)("h2",null,"Procedure for Responding to Potential Security Issues"),(0,a.kt)("p",null,"We're follow the Apache Security Team's procedures documented\n",(0,a.kt)("a",{parentName:"p",href:"https://www.apache.org/security/committers.html"},"here"),"."),(0,a.kt)("h2",null,"For further information"),(0,a.kt)("p",null,"Further information about Apache CloudStack's security practices can be found in\nthe ",(0,a.kt)("a",{parentName:"p",href:"https://cwiki.apache.org/confluence/display/CLOUDSTACK/CloudStack+Security"},"CloudStack Security wiki\npage"),"."))}s.isMDXComponent=!0}}]);