Hi, I just noticed, while researching information regarding these two CVEs: https://nvd.nist.gov/vuln/detail/CVE-2021-3177 https://nvd.nist.gov/vuln/detail/CVE-2021-23336 That the Link to the Security Contacts on the Website is broken: https://www.openstack.org/openstack-security/ is a 404 for me. I found the dead link here: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-announce Another "Bug" imho is, that there is no information how to contact the security team on the main website, and the search for "security" does not really yield good results how to contact the security team either. If someone has any information on these vulnerabilities and how they affect openstack I'd be delighted to hear from you. a cursory search of gerrit didn't yield anything. If I search the website using the integrated search for the CVE the top result is some 2021 Board Election.. RedHat and Suse both state that their distributions of openstack are affected: https://access.redhat.com/security/cve/cve-2021-23336 https://www.suse.com/security/cve/CVE-2021-23336/ So I guess the base distro is also affected, as these are core openstack components imho? Thanks for you time. -- Mit freundlichen Grüßen / Regards Sven Kieske Systementwickler Mittwald CM Service GmbH & Co. KG Königsberger Straße 4-6 32339 Espelkamp Tel.: 05772 / 293-900 Fax: 05772 / 293-333 https://www.mittwald.de Geschäftsführer: Robert Meyer, Florian Jürgens St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen Informationen zur Datenverarbeitung im Rahmen unserer Geschäftstätigkeit gemäß Art. 13-14 DSGVO sind unter www.mittwald.de/ds abrufbar.