You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@yunikorn.apache.org by wi...@apache.org on 2022/01/14 06:24:48 UTC

[incubator-yunikorn-site] branch master updated: [YUNIKORN-1020] Update security issue report guidelines. (#107)

This is an automated email from the ASF dual-hosted git repository.

wilfreds pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-yunikorn-site.git


The following commit(s) were added to refs/heads/master by this push:
     new ba6c957  [YUNIKORN-1020] Update security issue report guidelines. (#107)
ba6c957 is described below

commit ba6c957fad6337975c865a67d2ea589754f4e50f
Author: Weiwei Yang <ww...@apache.org>
AuthorDate: Thu Jan 13 22:20:36 2022 -0800

    [YUNIKORN-1020] Update security issue report guidelines. (#107)
---
 src/pages/community/how_to_contribute.md | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/pages/community/how_to_contribute.md b/src/pages/community/how_to_contribute.md
index fd7ea9e..b0a0809 100644
--- a/src/pages/community/how_to_contribute.md
+++ b/src/pages/community/how_to_contribute.md
@@ -98,9 +98,11 @@ The JIRA will not be closed automatically.
 
 ## Report a security issue
 YuniKorn community cares deeply about the security and actively addresses any security issues as
-the top priority. The community uses its private mailing list (private@yunikorn.apache.org) to discuss
-and track security related issues. If any security issue found, please email the private
-mailing list. The community will evaluate the severity immediately and provide a plan accordingly.
+the top priority. We follow the Apache security guidelines for handling security issues, please see the Apache doc
+about [handling security issues](https://www.apache.org/security/). If you find any security issue,
+please send a vulnerability report to security@apache.org, the YuniKorn security team will assess the issue
+immediately and work with the reporter on a plan to fix it. Please do not disclose the issue to any public forum
+before working with the security team.
 
 ## Still got questions?
 If you’re not sure about something, try to follow the style of the existing codebase.