Posted to commits@pulsar.apache.org by pe...@apache.org on 2022/08/11 04:11:17 UTC
[pulsar] branch master updated: [docs] Clarify security vulnerability process and reporting (#17039)
This is an automated email from the ASF dual-hosted git repository.
penghui pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 96d4bbb1e15 [docs] Clarify security vulnerability process and reporting (#17039)
96d4bbb1e15 is described below
commit 96d4bbb1e15f8a04f30a3036565ab26d923e8746
Author: Lari Hotari <lh...@users.noreply.github.com>
AuthorDate: Thu Aug 11 07:11:09 2022 +0300
[docs] Clarify security vulnerability process and reporting (#17039)
---
README.md | 2 ++
SECURITY.md | 12 +++++++++++-
site2/docs/security-policy-and-supported-versions.md | 11 ++++-------
.../version-2.10.0/security-policy-and-supported-versions.md | 10 ++++++----
.../version-2.10.1/security-policy-and-supported-versions.md | 10 ++++++----
5 files changed, 29 insertions(+), 16 deletions(-)
diff --git a/README.md b/README.md
index 274c4c552e7..80208a18d9b 100644
--- a/README.md
+++ b/README.md
@@ -345,6 +345,8 @@ You can self-register at https://apache-pulsar.herokuapp.com/
To report a vulnerability for Pulsar, contact the [Apache Security Team](https://www.apache.org/security/). When reporting a vulnerability to [security@apache.org](mailto:security@apache.org), you can copy your email to [private@pulsar.apache.org](mailto:private@pulsar.apache.org) to send your report to the Apache Pulsar Project Management Committee. This is a private mailing list.
+https://github.com/apache/pulsar/security/policy contains more details.
+
## License
Licensed under the Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
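Review bot: The added line after the reporting paragraph is a bare URL followed by a sentence fragment, while the paragraph above it gives every address Markdown link text. Suggest `See the [security policy](https://github.com/apache/pulsar/security/policy) for more details.` so it reads as part of the section and renders consistently with the rest.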
diff --git a/SECURITY.md b/SECURITY.md
index 7bd3ead079f..ce95a05da90 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,3 +1,13 @@
# Security Policy
-The security policy and supported versions are outlined on the Pulsar website here: https://pulsar.apache.org/docs/security-policy-and-supported-versions/.
+## Security Vulnerability Process
+
+The Pulsar community follows the ASF [security vulnerability handling process](https://apache.org/security/#vulnerability-handling).
+
+To report a new vulnerability you have discovered, please follow the [ASF security vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability). To report a vulnerability for Pulsar, contact the [Apache Security Team](https://www.apache.org/security/). When reporting a vulnerability to [security@apache.org](mailto:security@apache.org), you can copy your email to [private@pulsar.apache.org](mailto:private@pulsar.apache.org) to send your report to the Apache Pul [...]
+
+It is the responsibility of the security vulnerability handling project team (Apache Pulsar PMC in most cases) to make public security vulnerability announcements. You can follow announcements on the [users@pulsar.apache.org](mailto:users@pulsar.apache.org) mailing list. For instructions on how to subscribe, please see https://pulsar.apache.org/contact/.
+
+## Security Policy details and supported versions of Apache Pulsar
+
+The security policy and supported versions are outlined on the Pulsar website under [Security > Security Policy and Supported Versions](https://pulsar.apache.org/docs/security-policy-and-supported-versions/).
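Review bot: The second added paragraph under "Security Vulnerability Process" states the reporting instruction twice, first as "follow the ASF security vulnerability reporting process" and then as "contact the Apache Security Team", and the two links use different hosts (apache.org/security/ and www.apache.org/security/). Suggest merging them into one sentence with a single canonical host, so a reporter does not read them as two separate steps. The paragraph also repeats the README.md text, so any later change has to be made in both files; consider keeping the full wording only here and having README.md link to it.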
diff --git a/site2/docs/security-policy-and-supported-versions.md b/site2/docs/security-policy-and-supported-versions.md
index ac907e12c70..2a40c27fd48 100644
--- a/site2/docs/security-policy-and-supported-versions.md
+++ b/site2/docs/security-policy-and-supported-versions.md
@@ -9,16 +9,13 @@ sidebar_label: "Security Policy and Supported Versions"
You can find documentation on Pulsar's available security features and how to use them here:
https://pulsar.apache.org/docs/en/security-overview/.
-## Security Vulnerability Announcements
+## Security Vulnerability Process
-The Pulsar community will announce security vulnerabilities and how to mitigate them on the [users@pulsar.apache.org](mailto:users@pulsar.apache.org).
-For instructions on how to subscribe, please see https://pulsar.apache.org/contact/.
+The Pulsar community follows the ASF [security vulnerability handling process](https://apache.org/security/#vulnerability-handling).
-## Reporting Vulnerabilities
+To report a new vulnerability you have discovered, please follow the [ASF security vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability). To report a vulnerability for Pulsar, contact the [Apache Security Team](https://www.apache.org/security/). When reporting a vulnerability to [security@apache.org](mailto:security@apache.org), you can copy your email to [private@pulsar.apache.org](mailto:private@pulsar.apache.org) to send your report to the Apache Pul [...]
-The Pulsar community follows the ASF [vulnerability handling process](https://apache.org/security/#vulnerability-handling).
-
-To report a new vulnerability you have discovered please follow the [ASF vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability).
+It is the responsibility of the security vulnerability handling project team (Apache Pulsar PMC in most cases) to make public security vulnerability announcements. You can follow announcements on the [users@pulsar.apache.org](mailto:users@pulsar.apache.org) mailing list. For instructions on how to subscribe, please see https://pulsar.apache.org/contact/.
## Versioning Policy
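Review bot: The removed announcement sentence said the community will announce vulnerabilities "and how to mitigate them"; the replacement paragraph only says who is responsible for announcements, qualified by "in most cases", so the mitigation commitment is dropped and the other case is left unnamed. If that is not intended, keep the mitigation wording, and either say who announces when it is not the Pulsar PMC or drop the qualifier.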
diff --git a/site2/website/versioned_docs/version-2.10.0/security-policy-and-supported-versions.md b/site2/website/versioned_docs/version-2.10.0/security-policy-and-supported-versions.md
index 31f8cf061b8..2a40c27fd48 100644
--- a/site2/website/versioned_docs/version-2.10.0/security-policy-and-supported-versions.md
+++ b/site2/website/versioned_docs/version-2.10.0/security-policy-and-supported-versions.md
@@ -2,7 +2,6 @@
id: security-policy-and-supported-versions
title: Security Policy and Supported Versions
sidebar_label: "Security Policy and Supported Versions"
-original_id: security-policy-and-supported-versions
---
## Using Pulsar's Security Features
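Review bot: Removing `original_id` from the front matter is not mentioned in the commit message, and the index line shows this file ending at blob 2a40c27fd48, the same blob as site2/docs/security-policy-and-supported-versions.md, so the versioned copy appears to have been overwritten with the master file. Please confirm the versioned-docs build does not rely on `original_id`, or restore the line. The same applies to the version-2.10.1 file.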
@@ -10,10 +9,13 @@ original_id: security-policy-and-supported-versions
You can find documentation on Pulsar's available security features and how to use them here:
https://pulsar.apache.org/docs/en/security-overview/.
-## Security Vulnerability Announcements
+## Security Vulnerability Process
-The Pulsar community will announce security vulnerabilities and how to mitigate them on the [users@pulsar.apache.org](mailto:users@pulsar.apache.org).
-For instructions on how to subscribe, please see https://pulsar.apache.org/contact/.
+The Pulsar community follows the ASF [security vulnerability handling process](https://apache.org/security/#vulnerability-handling).
+
+To report a new vulnerability you have discovered, please follow the [ASF security vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability). To report a vulnerability for Pulsar, contact the [Apache Security Team](https://www.apache.org/security/). When reporting a vulnerability to [security@apache.org](mailto:security@apache.org), you can copy your email to [private@pulsar.apache.org](mailto:private@pulsar.apache.org) to send your report to the Apache Pul [...]
+
+It is the responsibility of the security vulnerability handling project team (Apache Pulsar PMC in most cases) to make public security vulnerability announcements. You can follow announcements on the [users@pulsar.apache.org](mailto:users@pulsar.apache.org) mailing list. For instructions on how to subscribe, please see https://pulsar.apache.org/contact/.
## Versioning Policy
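Review bot: Renaming the "Security Vulnerability Announcements" heading to "Security Vulnerability Process" in the docs of an already released version changes the section's heading anchor, so existing links that target the old section will no longer land on it. Suggest keeping a short "Security Vulnerability Announcements" subsection for the paragraph about users@pulsar.apache.org, which also keeps the announcement channel easy to find under its own heading.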
diff --git a/site2/website/versioned_docs/version-2.10.1/security-policy-and-supported-versions.md b/site2/website/versioned_docs/version-2.10.1/security-policy-and-supported-versions.md
index 31f8cf061b8..2a40c27fd48 100644
--- a/site2/website/versioned_docs/version-2.10.1/security-policy-and-supported-versions.md
+++ b/site2/website/versioned_docs/version-2.10.1/security-policy-and-supported-versions.md
@@ -2,7 +2,6 @@
id: security-policy-and-supported-versions
title: Security Policy and Supported Versions
sidebar_label: "Security Policy and Supported Versions"
-original_id: security-policy-and-supported-versions
---
## Using Pulsar's Security Features
@@ -10,10 +9,13 @@ original_id: security-policy-and-supported-versions
You can find documentation on Pulsar's available security features and how to use them here:
https://pulsar.apache.org/docs/en/security-overview/.
-## Security Vulnerability Announcements
+## Security Vulnerability Process
-The Pulsar community will announce security vulnerabilities and how to mitigate them on the [users@pulsar.apache.org](mailto:users@pulsar.apache.org).
-For instructions on how to subscribe, please see https://pulsar.apache.org/contact/.
+The Pulsar community follows the ASF [security vulnerability handling process](https://apache.org/security/#vulnerability-handling).
+
+To report a new vulnerability you have discovered, please follow the [ASF security vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability). To report a vulnerability for Pulsar, contact the [Apache Security Team](https://www.apache.org/security/). When reporting a vulnerability to [security@apache.org](mailto:security@apache.org), you can copy your email to [private@pulsar.apache.org](mailto:private@pulsar.apache.org) to send your report to the Apache Pul [...]
+
+It is the responsibility of the security vulnerability handling project team (Apache Pulsar PMC in most cases) to make public security vulnerability announcements. You can follow announcements on the [users@pulsar.apache.org](mailto:users@pulsar.apache.org) mailing list. For instructions on how to subscribe, please see https://pulsar.apache.org/contact/.
## Versioning Policy
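Review bot: Per the diffstat, only the version-2.10.0 and version-2.10.1 copies are updated, and each now carries the same three paragraphs as SECURITY.md and site2/docs. If other versioned docs exist, they keep the old reporting text; either update them in the same change or say in the commit message why only these two versions are covered. Linking the versioned pages to one maintained copy of the process would avoid the copies drifting apart.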