https://pve.proxmox.com/mediawiki/index.php?title=Security_Reporting&feed=atom&action=history
Security Reporting - Revision history
2024-03-28T23:45:28Z
Revision history for this page on the wiki
MediaWiki 1.35.11
https://pve.proxmox.com/mediawiki/index.php?title=Security_Reporting&diff=11539&oldid=prev
Thomas Lamprecht: Protected "Security Reporting": To important for open edit. ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite))
2022-12-08T12:15:10Z
<p>Protected "<a href="/wiki/Security_Reporting" title="Security Reporting">Security Reporting</a>": To important for open edit. ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite))</p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<tr class="diff-title" lang="en">
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 12:15, 8 December 2022</td>
</tr><tr><td colspan="2" class="diff-notice" lang="en"><div class="mw-diff-empty">(No difference)</div>
</td></tr></table>
Thomas Lamprecht
https://pve.proxmox.com/mediawiki/index.php?title=Security_Reporting&diff=11495&oldid=prev
Thomas Lamprecht at 12:15, 20 November 2022
2022-11-20T12:15:03Z
<p></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 12:15, 20 November 2022</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">__NOTOC__</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Proxmox Server Solutions takes security of its projects seriously.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Proxmox Server Solutions takes security of its projects seriously.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>As such, we'd like to know when a security bug is found so that it can be fixed and disclosed in a timely manner.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>As such, we'd like to know when a security bug is found so that it can be fixed and disclosed in a timely manner.</div></td></tr>
</table>
Thomas Lamprecht
https://pve.proxmox.com/mediawiki/index.php?title=Security_Reporting&diff=11494&oldid=prev
Thomas Lamprecht: /* Infrastructure Issues */ wording
2022-11-20T12:14:36Z
<p><span dir="auto"><span class="autocomment">Infrastructure Issues: </span> wording</span></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 12:14, 20 November 2022</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l78" >Line 78:</td>
<td colspan="2" class="diff-lineno">Line 78:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* for bugs in the underlying software we recommend contacting the respective upstream, if that isn't active anymore it can make sense to give our security team a heads-up</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* for bugs in the underlying software we recommend contacting the respective upstream, if that isn't active anymore it can make sense to give our security team a heads-up</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* for configuration bugs you can follow <del class="diffchange diffchange-inline">above </del>standard reporting and contact us <del class="diffchange diffchange-inline">over </del>email<del class="diffchange diffchange-inline">.</del></div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* for configuration bugs<ins class="diffchange diffchange-inline">, </ins>you can follow <ins class="diffchange diffchange-inline">the </ins>standard reporting <ins class="diffchange diffchange-inline">procedure above </ins>and contact us <ins class="diffchange diffchange-inline">via </ins>email</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>: <del class="diffchange diffchange-inline">But </del>note <del class="diffchange diffchange-inline">here </del>that <del class="diffchange diffchange-inline">issues </del>found by automatic scanners often <del class="diffchange diffchange-inline">are </del>either <del class="diffchange diffchange-inline">out-dated practice </del>or <del class="diffchange diffchange-inline">very unlikely to </del>have <del class="diffchange diffchange-inline">a </del>practical impact (e.g., <del class="diffchange diffchange-inline">for web-sites </del>where the browser can already <del class="diffchange diffchange-inline">do the </del>protection itself).</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>: <ins class="diffchange diffchange-inline">Please </ins>note<ins class="diffchange diffchange-inline">, however, </ins>that <ins class="diffchange diffchange-inline">problems </ins>found by automatic scanners <ins class="diffchange diffchange-inline">are </ins>often either <ins class="diffchange diffchange-inline">outdated practices </ins>or have <ins class="diffchange diffchange-inline">little </ins>practical impact (e.g., <ins class="diffchange diffchange-inline">on websites </ins>where the browser can already <ins class="diffchange diffchange-inline">take care of </ins>protection itself).</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>: Some scanners also report our <del class="diffchange diffchange-inline">mail </del>settings as problematic, but they are deliberately chosen <del class="diffchange diffchange-inline">as </del>we also <del class="diffchange diffchange-inline">run </del>various <del class="diffchange diffchange-inline">mail </del>services <del class="diffchange diffchange-inline">like </del>mailing lists that require <del class="diffchange diffchange-inline">specific </del>attention.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>: Some scanners also report our <ins class="diffchange diffchange-inline">email </ins>settings as problematic, but they are deliberately chosen <ins class="diffchange diffchange-inline">because </ins>we also <ins class="diffchange diffchange-inline">operate </ins>various <ins class="diffchange diffchange-inline">email </ins>services <ins class="diffchange diffchange-inline">such as </ins>mailing lists that require <ins class="diffchange diffchange-inline">special </ins>attention.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Bug Bounties ==</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Bug Bounties ==</div></td></tr>
</table>
Thomas Lamprecht
https://pve.proxmox.com/mediawiki/index.php?title=Security_Reporting&diff=11491&oldid=prev
Thomas Lamprecht at 08:32, 16 November 2022
2022-11-16T08:32:55Z
<p></p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 08:32, 16 November 2022</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Proxmox Server Solutions takes security seriously.</div></td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Proxmox Server Solutions takes security <ins class="diffchange diffchange-inline">of its projects </ins>seriously.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>As such, we'd like to know when a security bug is found so that it can be fixed and disclosed in a timely manner.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>As such, we'd like to know when a security bug is found so that it can be fixed and disclosed in a timely manner.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l72" >Line 72:</td>
<td colspan="2" class="diff-lineno">Line 72:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>We would still appreciate if you notify us about any assigned ID, for coordination and communication purpose.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>We would still appreciate if you notify us about any assigned ID, for coordination and communication purpose.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">== Infrastructure Issues ==</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">If you found an issue within our infrastructure's software we'd appreciate if you use one of the following approaches, depending on the kind of bug in question:</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">* for bugs in the underlying software we recommend contacting the respective upstream, if that isn't active anymore it can make sense to give our security team a heads-up</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">* for configuration bugs you can follow above standard reporting and contact us over email.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">: But note here that issues found by automatic scanners often are either out-dated practice or very unlikely to have a practical impact (e.g., for web-sites where the browser can already do the protection itself).</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">: Some scanners also report our mail settings as problematic, but they are deliberately chosen as we also run various mail services like mailing lists that require specific attention.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">== Bug Bounties ==</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">Proxmox Server Solutions GmbH currently does not offer paid bug bounties. We understand that security research takes a lot of effort, and we'll periodically evaluate if we can allocate some funding in the future.</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category: HOWTO]]</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category: HOWTO]]</div></td></tr>
</table>
Thomas Lamprecht
https://pve.proxmox.com/mediawiki/index.php?title=Security_Reporting&diff=11489&oldid=prev
Martin: added HOWTO category
2022-11-03T11:37:24Z
<p>added HOWTO category</p>
<table class="diff diff-contentalign-left diff-editfont-monospace" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 11:37, 3 November 2022</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l72" >Line 72:</td>
<td colspan="2" class="diff-lineno">Line 72:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>We would still appreciate if you notify us about any assigned ID, for coordination and communication purpose.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>We would still appreciate if you notify us about any assigned ID, for coordination and communication purpose.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">[[Category: HOWTO]]</ins></div></td></tr>
</table>
Martin
https://pve.proxmox.com/mediawiki/index.php?title=Security_Reporting&diff=11438&oldid=prev
Thomas Lamprecht: Created page with "Proxmox Server Solutions takes security seriously. As such, we'd like to know when a security bug is found so that it can be fixed and disclosed in a timely manner. Note that..."
2022-09-12T07:23:16Z
<p>Created page with "Proxmox Server Solutions takes security seriously. As such, we'd like to know when a security bug is found so that it can be fixed and disclosed in a timely manner. Note that..."</p>
<p><b>New page</b></p><div>Proxmox Server Solutions takes security seriously.<br />
As such, we'd like to know when a security bug is found so that it can be fixed and disclosed in a timely manner.<br />
<br />
Note that we only support the latest point release, where the version is not yet EOL (End of Life). So, before reporting, please verify that the issue is present in a release that is still supported.<br />
For that, consider the following support timeline tables:<br />
<br />
* Proxmox VE: https://pve.proxmox.com/pve-docs/chapter-pve-faq.html#faq-support-table<br />
* Proxmox Backup Server: https://pbs.proxmox.com/docs/faq.html#how-long-will-my-proxmox-backup-server-version-be-supported<br />
* Proxmox Mail Gateway: https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#faq-support-table<br />
<br />
== Contact ==<br />
<br />
Please report security bugs to the Proxmox security team by email at <[mailto:security@proxmox.com security@proxmox.com]>.<br />
<br />
Include all relevant information required to reproduce the issue.<br />
<br />
Any exploit code is considered helpful - we will treat such samples as private and won't publish them.<br />
If you or your organization already assembled a fix and has signed [https://pve.proxmox.com/wiki/Developer_Documentation#Software_License_and_Copyright our CLA] please send that along as patch, as that can speed up the process considerably.<br />
<br />
Please send plain text emails without attachments where possible.<br />
It is much harder to have a context-quoted discussion about a complex issue if all the details are hidden away in attachments.<br />
<br />
We will normally send out an initial confirmation mail about the reception of a report within the next (Austrian) business day.<br />
<br />
If you must send highly confidential information you may use the following public GPG key, with fingerprint <code>E679 2AA6 98E1 1855 375A B9E3 5D0C BD43 61F2 04C5</code> to encrypt the message.<br />
<pre><br />
pub rsa4096 2022-09-01 [expires: 2032-08-29]<br />
E6792AA698E11855375AB9E35D0CBD4361F204C5<br />
uid Proxmox Security Team <security@proxmox.com><br />
<br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
<br />
mQINBGMQ2moBEACiyToARfkvOCeCTB8f5vVFSBJ5Shh7RUSXt4UQLa/FMjFKp9ZA<br />
YV6n3kcLkLOxZGFMruI7zlQD31tu2pApPP8NKCjeZwg2dqS72F29xQdDDY4UlxjX<br />
T5UckNtKY6Uqlarrd2cMFL5bUsM47LaTt/EtBFdhl4YiW2i6Z7FtR2MKZtEZnb3s<br />
x31XrWUh9mGyJ+gZyHmNOn9HrUf4LCo+HDqirAMiuJiVnCHVIbhOgVf1jHNuYfKU<br />
cyaxXbhfqdWuWkc0K7+2+ClaiKrifEbQ56SbnrYEmCOl2WB1vF4GuPCN4rRByLBa<br />
cfI1GQlChZtXBpDKwZYTm4OxUfouRb7F1Dc19zejqSUHO+rCKseXMM45YSs48jJU<br />
LYjSa7FQTaHjpN1M7Zoz/P5bgbBd4pAXF5BdBekuQRc0P3VzTLISDXKTSJ6mvTk3<br />
hcMk7Wr6KGeUt0ftP1AblRvGdeQ8w8VVgEqc+yAozFguRTUmpvEo+714Ak+MyFm8<br />
FXMdwRetnJ7IVsPxaQIzHjWoWPGAKhXecmi/uLC8caU4+vlNsFT87GMz7mOuyDhK<br />
n+8fIbn7IRvuJXjQB73eQS+My+9jLGK6UjIAz8MmA0LumZ6sfunevAyDqSc/lGkc<br />
Jcore+Qb3AC0excFCbgND31+i/iJHXIbSe7Fra/9zN+GodAjnXnQn2HHLQARAQAB<br />
tCxQcm94bW94IFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QHByb3htb3guY29tPokC<br />
VAQTAQoAPhYhBOZ5KqaY4RhVN1q5410MvUNh8gTFBQJjENpqAhsvBQkSzAMABQsJ<br />
CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEF0MvUNh8gTFkvwP/0B+RNoTHbMRaaNz<br />
RGl6sAshc6DOxCqxjCibWfiRr0pXADzL+NdNDyRsPY+i9Q+QQukF1PvPx9HBf4bu<br />
3gcJ5cVbi9/nYH4BiWNM0z8HDoYto3PpCDLK944dbUV4OfnYp3rp8GkMLq7CUB9l<br />
Hji7m63bGXuB+Rc/iEFoNKXtYh7fZIq8WiWDwOVdyslc/wC3RjbEPhXts3SHntXl<br />
y5Qdr1WEcFLW6GjfMUeJR5Oy3XccfKVPKhoNgGqrUqaN0PCQsQWCJ6czc0uGzP1p<br />
EFu8ct5C71/iZ0eak84SRf8cQxN2gwTb40rAkNIq3msCT8oaSc2vZQ0X+S0+Abq4<br />
5YOkNlCQB9f7XOKCTajjiYlElXw4H4X0uO4uKQbCBeXBI3HktivpQ1rEadXJiCl/<br />
eayeN6nBdOkupev73g3xVXCyI+QFd4IVufTqi1m857f3dNv/suHLj/Upd6q8rmqq<br />
M5s+e+3qUiAhEoB7sSCsXCh60SnDGYHsRa33F2Fz8pPpmuboW55z8OOaAgrVt/TB<br />
oZJdTzUCx77HXKMvlulZkjfuWzOB+qh6CR+bzNWzVyD3yYpNbH0UF+vBZ3sYb7Al<br />
/rAorlMz/gybSdrilHoxz2w9grcrTg6jk/dLwesCm1bzJKznEFVHQv/Mk+Kt+ZQ4<br />
/pfx41HDLtAoGfQBWxjy8n2Qrk8l<br />
=UVAu<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
Additionally available to download in binary format from [https://enterprise.proxmox.com/debian/security-report.gpg.pub the enterprise CDN].<br />
<br />
== Disclosure and Embargoed Information ==<br />
<br />
Once a robust fix has been developed, the release process starts.<br />
Proxmox Server Solutions will release fixes for publicly undisclosed bugs as soon as they become available, but we can hold back sensible information from commits and change logs at the requests of the reporter or an affected party.<br />
<br />
== CVE assignment ==<br />
<br />
The security team does not normally assign CVEs, nor do we require them for reports or fixes, as this can needlessly complicate the process and may delay the bug handling.<br />
<br />
We would still appreciate if you notify us about any assigned ID, for coordination and communication purpose.</div>
Thomas Lamprecht