If you found a vulnerability in our software, please contact our security response team by email at secalert at scality dot com. Only the security response team members will see your email address. We are committed to process emails sent confidentially.

Depending on the level of risk related to the issue, the security response team mailing list might not be the most appropriate channel to report it.

Contributions are not necessary to report a vulnerability. However, if you wish to send patches, please do so using a confidential communication channel, such as the security response team mailing list, or another negotiated channel.

We are committed to credit your work when publicly disclosing the vulnerability.

Disclaimer: our software comes with absolutely not warranty to non Scality customer.

For critical security vulnerabilities, our customers will be notified before the vulnerability will be publicly disclosed by Scality.

Scality does not commit to any schedule regarding the public disclosure of their security vulnerabilities. Nonetheless, we will try our best to deal with vulnerability public disclosure responsibly in order to maintain a healthy open source community.