Skip to content

Security: Cray/lustre

Security

SECURITY.md

Security Policy

Supported Versions

The currently supported maintenance release is 2.15.

Version Supported
2.15.x
2.12.x limited
2.10.x
2.7.x

Reporting a Vulnerability

If you have details of a suspected security vulnerability in Lustre code that you wish to report then please email us at security@whamcloud.com with the details.

Please do not file a public JIRA issue for a security vulnerability - we do not want to draw attention to the vulnerability until a fix has been developed and administrators have been alerted and have had some time to put a mitigation in place.

Ideally the reporting email should have as much detail as possible:

  • reproducer, versions affected, fix if available, etc.
  • indicate to whom (individual and/or affiliation) that credit for finding the issue should be reported
  • details of any CVE already reserved
  • our intentions around disclosing the details of the vulnerability

We aim to respond to any such reports within three business days of receipt.

There aren’t any published security advisories