Posted to commits@airflow.apache.org by ur...@apache.org on 2023/06/05 07:49:49 UTC

[airflow] branch main updated: Add severity rating explanation to our Security Policy (#31702)

This is an automated email from the ASF dual-hosted git repository.

uranusjr pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new 2be5d3a78e Add severity rating explanation to our Security Policy (#31702)
2be5d3a78e is described below

commit 2be5d3a78ee6bd5d15a18ca30ccfe51fbda2db87
Author: Jarek Potiuk <ja...@potiuk.com>
AuthorDate: Mon Jun 5 09:49:39 2023 +0200

    Add severity rating explanation to our Security Policy (#31702)
---
 .github/SECURITY.rst | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/SECURITY.rst b/.github/SECURITY.rst
index 82341fc408..e7f5a40366 100644
--- a/.github/SECURITY.rst
+++ b/.github/SECURITY.rst
@@ -103,6 +103,10 @@ There are certain expectations from the members of the security team:
   releasing the CVE information (announcement and publishing to security indexes) as part of the
   release process. This is facilitated by the security tool provided by the Apache Software Foundation.
 
+* Severity of the issue is determined based on the criteria described in the
+  `Severity Rating blog post <https://security.apache.org/blog/severityrating/>`_  by the Apache Software
+  Foundation Security team
+
 Releasing Airflow with security patches
 ---------------------------------------
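
Review bot: The added bullet ends without a full stop ("Foundation Security team"), while the bullet just above it closes with one, and there are two spaces between the link's closing `_ and "by"; both are worth fixing before merge. The list is introduced as "expectations from the members of the security team", yet the new item is written in the passive and does not say who assigns the severity or at which point in handling a report it is set. Suggest naming the actor, for example "The security team member handling the issue determines its severity based on the criteria described in ...", so the item reads as an expectation like the rest of the list.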