We take security issues seriously and welcome responsible disclosure of security vulnerabilities in Pulp. Please email pulp-security@redhat.com (a private address for the Pulp Security Team) with all reports.
Your report should include:
- Pulp version
- A vulnerability description
- Reproduction steps
- Feel free to submit a patch with your disclosure.
A member of the Pulp Security Team will confirm the vulnerability, determine its impact, and develop a fix.