You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by li...@apache.org on 2022/08/09 02:52:30 UTC

[pulsar] branch master updated: [doc][workflow] Add Reporting Vulnerabilities section to Security Policy (#16962)

This is an automated email from the ASF dual-hosted git repository.

liuyu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new b1ad198e101 [doc][workflow] Add Reporting Vulnerabilities section to Security Policy (#16962)
b1ad198e101 is described below

commit b1ad198e101a106cac1c99f0bf812a1983c4fc2c
Author: tison <wa...@gmail.com>
AuthorDate: Tue Aug 9 10:52:23 2022 +0800

    [doc][workflow] Add Reporting Vulnerabilities section to Security Policy (#16962)
---
 SECURITY.md                                          | 2 +-
 site2/docs/security-policy-and-supported-versions.md | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/SECURITY.md b/SECURITY.md
index c474eb7f4bd..7bd3ead079f 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,3 +1,3 @@
 # Security Policy
 
-The security policy and supported versions are outlined on the Pulsar website here: https://pulsar.apache.org/docs/security-policy-and-supported-versions/.
\ No newline at end of file
+The security policy and supported versions are outlined on the Pulsar website here: https://pulsar.apache.org/docs/security-policy-and-supported-versions/.
diff --git a/site2/docs/security-policy-and-supported-versions.md b/site2/docs/security-policy-and-supported-versions.md
index 23368650777..ac907e12c70 100644
--- a/site2/docs/security-policy-and-supported-versions.md
+++ b/site2/docs/security-policy-and-supported-versions.md
@@ -14,6 +14,12 @@ https://pulsar.apache.org/docs/en/security-overview/.
 The Pulsar community will announce security vulnerabilities and how to mitigate them on the [users@pulsar.apache.org](mailto:users@pulsar.apache.org).
 For instructions on how to subscribe, please see https://pulsar.apache.org/contact/.
 
+## Reporting Vulnerabilities
+
+The Pulsar community follows the ASF [vulnerability handling process](https://apache.org/security/#vulnerability-handling).
+
+To report a new vulnerability you have discovered please follow the [ASF vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability).
+
 ## Versioning Policy
 
 The Pulsar project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). Existing releases can expect