Charmed HPC is a collection of multiple, individual projects that each have an actively supported version. Read the SECURITY.md file in each project repository for more information on how report a vulnerability for that particular project. The Charmed HPC core development team will release security updates for the affected projects after vulnerabilities have been identified and fixed.

Please provide a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.

The preferred way to report a security issue is through GitHub Security Advisories. See Privately reporting a security vulnerability for instructions on how to report a security vulnerability using GitHub's security advisory feature.

You may also send email to security@ubuntu.com. Email may optionally be encrypted to OpenPGP key 4072 60F7 616E CE4D 9D12 4627 98E9 740D C345 39E0.

The Charmed HPC core developer team will be notified of the issue and will work with you to determine whether the issue qualifies as a security issue and, if so, in which component. We will then figure out a fix, get a CVE assigned, and coordinate the release of the fix.

If you have a deadline for public disclosure, please let us know. Our vulnerability management team intends to respond within 3 working days of your report. This project aims to resolve all vulnerabilities within 90 days.

The Ubuntu Security disclosure and embargo policy contains more information about how can contact us, what you can expect when you contact us, and what we expect from you.