This is an automated email from the ASF dual-hosted git repository.
worryg0d pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra-gocql-driver.git
The following commit(s) were added to refs/heads/trunk by this push:
new 941f2988 Add security-model discoverability (AGENTS.md -> SECURITY.md
-> security model)
941f2988 is described below
commit 941f298890a66061ee9afe354eb973a6e6fc95c1
Author: Jarek Potiuk <[email protected]>
AuthorDate: Sun Jun 14 02:29:45 2026 +0200
Add security-model discoverability (AGENTS.md -> SECURITY.md -> security
model)
Wires the conventional AGENTS.md -> SECURITY.md -> security model chain so
automated tooling can mechanically discover the project's security model. No
model content is changed.
patch by Jarek Potiuk; reviewed by Stefan Miklosovic, Bret McGuire for
CASSANDRA-21464
Assisted-by: Claude Opus 4.8 (1M context)
---
AGENTS.md | 16 ++++++++++++++++
CHANGELOG.md | 6 ++++++
SECURITY.md | 17 +++++++++++++++++
3 files changed, 39 insertions(+)
diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 00000000..78d4c9cf
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1,16 @@
+# Agent guidance
+
+This file is read by automated agents (security scanners, code analyzers,
+AI assistants) operating on this repository. It points them at the
+human-authored references they should consult before producing output.
+
+## Security
+
+Security model: [SECURITY.md](./SECURITY.md), which links to the Apache
+Cassandra project security model.
+
+This repository is part of the Apache Cassandra project. Its security model -
+trust boundaries, in-scope / out-of-scope declarations, the security
+properties the project provides and disclaims, and how findings are triaged -
+is the umbrella Cassandra security model linked from SECURITY.md. Consult it
+before reporting security issues.
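Review bot: The closing sentence of the Security section ("Consult it before reporting security issues") does not tell an agent where a report should go, so a tool that reads only AGENTS.md has no instruction against filing a finding as a public issue or pull request. SECURITY.md in this same patch requires private reporting to the Apache Security Team. Suggest repeating that rule here in one line, for example "Report findings privately as described in SECURITY.md; do not open public issues or pull requests." The paragraph at the end also restates the model's contents (trust boundaries, scope, properties, triage) nearly word for word from SECURITY.md, so the two descriptions can drift apart. Keeping only the pointer in AGENTS.md would avoid that.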
diff --git a/CHANGELOG.md b/CHANGELOG.md
index cb07d57d..580094c6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this
file.
The format is based on [Keep a
Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic
Versioning](https://semver.org/spec/v2.0.0.html).
+## [2.2.0]
+
+### Added
+
+- Security-model discoverability (CASSANDRA-21464)
+
## [2.1.2]
### Fixed
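Review bot: The new entry under "### Added" ("Security-model discoverability (CASSANDRA-21464)") does not say what was actually added, so a reader of the changelog cannot tell that the change is two documentation files with no code or behaviour change. Suggest naming them, for example "Add AGENTS.md and SECURITY.md pointing to the Apache Cassandra security model (CASSANDRA-21464)".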
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..7ecb4e42
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,17 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please report suspected security vulnerabilities privately to the Apache
+Security Team at <[email protected]>, following the ASF process at
+<https://www.apache.org/security/>. Do not open public GitHub issues or pull
+requests for security reports.
+
+## Security Model
+
+This repository is part of the Apache Cassandra project. The project's
+security model - what is in and out of scope, the trust boundaries it
+assumes, the security properties it provides and disclaims, and how findings
+are triaged - is documented in the main apache/cassandra repository:
+
+https://github.com/apache/cassandra/blob/trunk/doc/modules/cassandra/pages/reference/security-model.adoc
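Review bot: The security model link on the last added line points at a file path on the `trunk` branch of apache/cassandra, so a rename or move of `security-model.adoc` there breaks the AGENTS.md -> SECURITY.md -> security model chain without any signal in this repository. Since the stated purpose is mechanical discovery, suggest either a link check in CI or a stable published URL for the model if one exists. The link is also a bare URL while the two URLs in the "Reporting a Vulnerability" section use the `<...>` form; using the same form would keep the file consistent. The "Security Model" paragraph does not say whether the umbrella model addresses this repository specifically; if it does, a sentence pointing to the relevant part would help readers and tools that start from here.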