The Cloud Foundry Foundation (CFF) Security Team provides a single point of contact for the reporting of security vulnerabilities in open source Cloud Foundry codebases and coordinates the process of investigating any reports. Please see this page for more information about what might qualify as a vulnerability.

We strongly encourage people to report security vulnerabilities privately to our security team before disclosing them in a public forum.

The e-mail address to use to contact the CFF Security Team is security@cloudfoundry.org.

Please note that the e-mail address above should only be used for reporting undisclosed security vulnerabilities in open source Cloud Foundry codebases and managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other security-related queries at this address.

If you wish to send encrypted email, our public key can be obtained from a public key server such as keys.openpgp.org. The fingerprint is: 3FC8 9AF3 940B E270 CF25 E122 9965 0006 EF9D C642