Repository: hbase Updated Branches: refs/heads/master 142e36e7d -> d590f87ef
HBASE-7126 Document how to report security bugs Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/d590f87e Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/d590f87e Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/d590f87e Branch: refs/heads/master Commit: d590f87ef410eff6770a71b416f13645615210ea Parents: 142e36e Author: Misty Stanley-Jones <[email protected]> Authored: Mon Mar 2 10:27:51 2015 +1000 Committer: Misty Stanley-Jones <[email protected]> Committed: Wed Mar 11 15:14:42 2015 +1000 ---------------------------------------------------------------------- src/main/asciidoc/_chapters/preface.adoc | 5 +++++ src/main/asciidoc/_chapters/security.adoc | 10 ++++++++++ 2 files changed, 15 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hbase/blob/d590f87e/src/main/asciidoc/_chapters/preface.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/_chapters/preface.adoc b/src/main/asciidoc/_chapters/preface.adoc index 2eb8411..960fcc4 100644 --- a/src/main/asciidoc/_chapters/preface.adoc +++ b/src/main/asciidoc/_chapters/preface.adoc @@ -55,5 +55,10 @@ That said, you are welcome. + It's a fun place to be. + Yours, the HBase Community. +.Reporting Bugs + +Please use link:https://issues.apache.org/jira/browse/hbase[JIRA] to report non-security-related bugs. + +To protect existing HBase installations from new vulnerabilities, please *do not* use JIRA to report security-related bugs. Instead, send your report to the mailing list [email protected], which allows anyone to send messages, but restricts who can read them. Someone on that list will contact you to follow up on your report. :numbered: http://git-wip-us.apache.org/repos/asf/hbase/blob/d590f87e/src/main/asciidoc/_chapters/security.adoc ---------------------------------------------------------------------- diff --git a/src/main/asciidoc/_chapters/security.adoc b/src/main/asciidoc/_chapters/security.adoc index bb757ef..ae74661 100644 --- a/src/main/asciidoc/_chapters/security.adoc +++ b/src/main/asciidoc/_chapters/security.adoc @@ -27,6 +27,16 @@ :icons: font :experimental: +[IMPORTANT] +.Reporting Security Bugs +==== +NOTE: To protect existing HBase installations from exploitation, please *do not* use JIRA to report security-related bugs. Instead, send your report to the mailing list [email protected], which allows anyone to send messages, but restricts who can read them. Someone on that list will contact you to follow up on your report. + +HBase adheres to the Apache Software Foundation's policy on reported vulnerabilities, available at http://apache.org/security/. + +If you wish to send an encrypted report, you can use the GPG details provided for the general ASF security list. This will likely increase the response time to your report. +==== + HBase provides mechanisms to secure various components and aspects of HBase and how it relates to the rest of the Hadoop infrastructure, as well as clients and resources outside Hadoop. == Using Secure HTTP (HTTPS) for the Web UI
