You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by ur...@apache.org on 2023/06/05 07:49:49 UTC
[airflow] branch main updated: Add severity rating explanation to our Security Policy (#31702)
This is an automated email from the ASF dual-hosted git repository.
uranusjr pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 2be5d3a78e Add severity rating explanation to our Security Policy (#31702)
2be5d3a78e is described below
commit 2be5d3a78ee6bd5d15a18ca30ccfe51fbda2db87
Author: Jarek Potiuk <ja...@potiuk.com>
AuthorDate: Mon Jun 5 09:49:39 2023 +0200
Add severity rating explanation to our Security Policy (#31702)
---
.github/SECURITY.rst | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/.github/SECURITY.rst b/.github/SECURITY.rst
index 82341fc408..e7f5a40366 100644
--- a/.github/SECURITY.rst
+++ b/.github/SECURITY.rst
@@ -103,6 +103,10 @@ There are certain expectations from the members of the security team:
releasing the CVE information (announcement and publishing to security indexes) as part of the
release process. This is facilitated by the security tool provided by the Apache Software Foundation.
+* Severity of the issue is determined based on the criteria described in the
+ `Severity Rating blog post <https://security.apache.org/blog/severityrating/>`_ by the Apache Software
+ Foundation Security team
+
Releasing Airflow with security patches
---------------------------------------