← Back to team overview

cloud-init team mailing list archive

cloud-init security bugs



Earlier this week there were four security bugs [1][2][3][4] reported
against cloud-init. These were a result of IBM passing cloud-init
through their code analysis tool. I want to thank them for taking the
time to do the scan and filing bugs for any issue found. This was a good
opportunity for us to test out our proposed security process.

After reviewing the reports we did not feel any of the issues were
security issues. All bugs are now marked public and have comments added
providing analysis.

If there are any further questions or concerns please feel free to reach
out in each of the bugs or here. We are still working on finalizing the
security process and will post an update in the coming weeks.


[1] https://bugs.launchpad.net/bugs/1848290
[2] https://bugs.launchpad.net/bugs/1848291
[3] https://bugs.launchpad.net/bugs/1848293
[4] https://bugs.launchpad.net/bugs/1848297
Ubuntu Server Engineering Manager
Canonical Ltd.