This is an automated email from the ASF dual-hosted git repository.
xushiyan pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/hudi.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 82ca053a05e4 [Site] Update Security guidance (#17455)
82ca053a05e4 is described below
commit 82ca053a05e480d676c5a09234f6d1df819ee881
Author: Bhavani Sudha Saktheeswaran <[email protected]>
AuthorDate: Tue Dec 2 06:23:39 2025 -0800
[Site] Update Security guidance (#17455)
---
website/contribute/report-security-issues.md | 32 ---------------------------
website/contribute/security.md | 33 ++++++++++++++++++++++++++++
website/docusaurus.config.js | 4 ++--
3 files changed, 35 insertions(+), 34 deletions(-)
diff --git a/website/contribute/report-security-issues.md
b/website/contribute/report-security-issues.md
deleted file mode 100644
index 1b89388c9d01..000000000000
--- a/website/contribute/report-security-issues.md
+++ /dev/null
@@ -1,32 +0,0 @@
----
-title: Report Issues
-sidebar_position: 5
-keywords: [ hudi, security]
-toc: true
-last_modified_at: 2019-12-30T15:59:57-04:00
----
-
-## Reporting HUDI Issues
-
-If you encounter a bug, performance issue, or unexpected behavior while using
Apache Hudi, please report it by creating a [Github
Issues](https://github.com/apache/hudi/issues). Be sure to include a clear
summary, steps to reproduce the issue, expected vs. actual behavior, relevant
logs, configurations, and your Hudi and Spark versions. The more context you
provide, the easier it is for the community to diagnose and address the problem
efficiently.
-
-## Reporting Security Issues
-
-The Apache Software Foundation takes a rigorous standpoint in annihilating the
security issues in its software projects. Apache Hudi is highly sensitive and
forthcoming to issues pertaining to its features and functionality.
-
-## Reporting Vulnerability
-
-If you have apprehensions regarding Hudi's security or you discover
vulnerability or potential threat, don’t hesitate to get in touch with the
[Apache Security Team](http://www.apache.org/security/) by dropping a mail at
[[email protected]](mailto:[email protected]). In the mail, specify the
description of the issue or potential threat. You are also urged to recommend
the way to reproduce and replicate the issue. The Hudi community will get back
to you after assessing and analysing t [...]
-
-**PLEASE PAY ATTENTION** to report the security issue on the security email
before disclosing it on public domain.
-
-## Vulnerability Handling
-
-An overview of the vulnerability handling process is:
-
-* The reporter reports the vulnerability privately to Apache.
-* The appropriate project's security team works privately with the reporter to
resolve the vulnerability.
-* A new release of the Apache product concerned is made that includes the fix.
-* The vulnerability is publically announced.
-
-A more detailed description of the process can be found
[here](https://www.apache.org/security/committers).
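Review bot: The removed `## Reporting HUDI Issues` section, the paragraph that points users to GitHub Issues for bugs and performance problems, has no counterpart in the new `website/contribute/security.md`, so as far as this patch shows the guidance for non-security reports is dropped rather than moved. Consider keeping that paragraph on a contributor page, or linking to https://github.com/apache/hudi/issues from the new page, so ordinary bug reports are not sent to the security address.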
diff --git a/website/contribute/security.md b/website/contribute/security.md
new file mode 100644
index 000000000000..4dc83177fa09
--- /dev/null
+++ b/website/contribute/security.md
@@ -0,0 +1,33 @@
+---
+title: Security
+sidebar_position: 5
+keywords: [ hudi, security]
+toc: true
+last_modified_at: 2019-12-30T15:59:57-04:00
+---
+
+## Security Model
+
+Apache Hudi is a library that relies on the security posture of the underlying
compute engine and
+storage environment in which it operates. In real-world deployments, engines
like Presto, Apache Spark, Apache Flink are
+hosted in private virtual network—such as a VPC, VLAN, or on-premises
subnet—where only trusted entities have access
+and network controls including firewalls, ACLs, and routing rules are used to
restrict and prevent untrusted access.
+
+## Security Reporting and Vulnerability Handling
+
+The Apache Software Foundation takes security seriously, and Apache Hudi
encourages responsible disclosure of any potential
+vulnerabilities. If you have apprehensions regarding Hudi's security, or you
discover vulnerability or potential threat,
+don’t hesitate to get in touch with the [Apache Security
Team](http://www.apache.org/security/) by dropping a mail at
[[email protected]](mailto:[email protected]).
+In the mail, specify the description of the issue or potential threat. You are
also urged to recommend the way to
+reproduce and replicate the issue. The Hudi community will get back to you
after assessing and analysing the findings.
+
+**PLEASE PAY ATTENTION** to report the security issue on the security email
before disclosing it on public domain.
+
+An overview of the vulnerability handling process is:
+
+* The reporter reports the vulnerability privately to Apache.
+* The appropriate project's security team works privately with the reporter to
resolve the vulnerability.
+* A new release of the Apache product concerned is made that includes the fix.
+* The vulnerability is publically announced.
+
+A more detailed description of the process can be found
[here](https://www.apache.org/security/committers).
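Review bot: In the front matter of the new file, `last_modified_at: 2019-12-30T15:59:57-04:00` is carried over from the deleted page even though this commit creates the file; update it to the commit date or drop the key. In the body, the Apache Security Team link uses `http://www.apache.org/security/` while the committers link at the end uses https, so switch it to https. Smaller wording points in the same hunk: "discover vulnerability" is missing an article, "publically" should be "publicly", and the engine list under Security Model needs an "and" before Apache Flink.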
diff --git a/website/docusaurus.config.js b/website/docusaurus.config.js
index 84b334dc66f5..dd1d802d796d 100644
--- a/website/docusaurus.config.js
+++ b/website/docusaurus.config.js
@@ -235,8 +235,8 @@ module.exports = {
to: "/contribute/rfc-process",
},
{
- label: "Report Issues",
- to: "/contribute/report-security-issues",
+ label: "Security",
+ to: "/contribute/security",
},
],
},
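Review bot: The `to:` target changes from `/contribute/report-security-issues` to `/contribute/security` and the old page is deleted in the same commit, but nothing in this patch adds a redirect for the old path. Existing external links and bookmarks to the old URL will stop resolving, which matters for a page that tells people where to report vulnerabilities; consider adding a redirect entry, or confirming one exists elsewhere in the site config, before merging.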