This is an automated email from the ASF dual-hosted git repository.

jin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-hugegraph-doc.git


The following commit(s) were added to refs/heads/master by this push:
     new 1044edc0 doc: add security page and description (#332)
1044edc0 is described below

commit 1044edc04417fdfd34ee288d7d6f91cc825f1a17
Author: Sunhb <[email protected]>
AuthorDate: Thu Mar 7 16:56:44 2024 +0800

    doc: add security page and description (#332)
    
    TODO: add the security option to community secondary menu
    
    ---------
    
    Co-authored-by: imbajin <[email protected]>
---
 content/cn/docs/guides/security.md                 | 23 ++++++++++++++++++++++
 content/en/docs/guides/security.md                 | 23 ++++++++++++++++++++++
 themes/docsy/layouts/partials/community_links.html |  3 +++
 3 files changed, 49 insertions(+)

diff --git a/content/cn/docs/guides/security.md 
b/content/cn/docs/guides/security.md
new file mode 100644
index 00000000..d83cf7de
--- /dev/null
+++ b/content/cn/docs/guides/security.md
@@ -0,0 +1,23 @@
+---
+title: "报告安全问题"
+linkTitle: "安全公告"
+weight: 6
+---
+
+## 报告Apache HugeGraph的安全问题
+
+遵循 ASF 的规范, HugeGraph 社区对**解决修复**项目中的安全问题保持非常积极和开放的态度。
+
+我们强烈建议用户首先向我们的独立安全邮件列表报告此类问题,相关详细的流程规范请参考 [ASF 
SEC](https://www.apache.org/security/committers.html) 守则。
+
+请注意,安全邮件组适用于报告**未公开**的安全漏洞并跟进漏洞处理的过程。常规的软件 `Bug/Error` 报告应该使用 `Github 
Issue/Discussion` 或是 `HugeGraph-Dev` 邮箱组。发送到安全邮件组但与安全问题无关的邮件将被忽略。
+
+独立的安全邮件(组)地址为: `[email protected]` 
+
+安全漏洞处理大体流程如下:
+
+- 报告人私下向 Apache HugeGraph SEC 邮件组报告漏洞 (尽可能包括复现的版本/相关说明/复现方式/影响范围等)
+- HugeGraph 项目安全团队与报告人私下合作/商讨漏洞解决方案 (初步确认后可申请 `CVE` 编号予以登记)
+- 项目创建一个新版本的受漏洞影响的软件包,以提供修复程序
+- 合适的时间可公开漏洞的大体问题 & 描述如何应用修复程序 (遵循 ASF 规范, 公告中不应携带复现细节等敏感信息)
+- 正式的 CVE 发布及相关流程同 ASF-SEC 页面
\ No newline at end of file
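Review bot: in the front matter, `linkTitle: "安全公告"` ("security announcements") does not match the page title `报告安全问题` ("reporting security issues") or the English page's `linkTitle: "Security"`; a reader looking for where to report a vulnerability may skip a menu entry that reads like an advisory list. Consider a link title that names reporting. Smaller points in the same file: the heading `报告Apache HugeGraph的安全问题` omits the spaces around the Latin text that the rest of the page uses, the line with the mailing list address has trailing whitespace after the closing backtick, and the file ends without a newline.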
diff --git a/content/en/docs/guides/security.md 
b/content/en/docs/guides/security.md
new file mode 100644
index 00000000..c76f1687
--- /dev/null
+++ b/content/en/docs/guides/security.md
@@ -0,0 +1,23 @@
+---
+title: "Security Report"
+linkTitle: "Security"
+weight: 6
+---
+
+## Reporting New Security Problems with Apache HugeGraph
+
+Adhering to the specifications of ASF, the HugeGraph community maintains a 
highly proactive and open attitude towards addressing security issues in the 
**remediation** projects.
+
+We strongly recommend that users first report such issues to our dedicated 
security email list, with detailed procedures specified in the [ASF 
SEC](https://www.apache.org/security/committers.html) code of conduct.
+
+Please note that the security email group is reserved for reporting 
**undisclosed** security vulnerabilities and following up on the vulnerability 
resolution process. Regular software `Bug/Error` reports should be directed to 
`Github Issue/Discussion` or the `HugeGraph-Dev` email group. Emails sent to 
the security list that are unrelated to security issues will be ignored.
+
+The independent security email (group) address is: 
`[email protected]`
+
+The general process for handling security vulnerabilities is as follows:
+
+- The reporter privately reports the vulnerability to the Apache HugeGraph SEC 
email group (including as much information as possible, such as reproducible 
versions, relevant descriptions, reproduction methods, and the scope of impact)
+- The HugeGraph project security team collaborates privately with the reporter 
to discuss the vulnerability resolution (after preliminary confirmation, a 
`CVE` number can be requested for registration)
+- The project creates a new version of the software package affected by the 
vulnerability to provide a fix
+- At an appropriate time, a general description of the vulnerability and how 
to apply the fix will be publicly disclosed (in compliance with ASF standards, 
the announcement should not disclose sensitive information such as reproduction 
details)
+- Official CVE release and related procedures follow the ASF-SEC page
\ No newline at end of file
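Review bot: the first paragraph's "addressing security issues in the **remediation** projects" is a mistranslation of the Chinese page, where the bold phrase `解决修复` is the verb ("resolving and fixing") and the object is security issues in the project; something like "towards **resolving and fixing** security issues in the project" would match. The linked target in the second paragraph is `https://www.apache.org/security/committers.html`, while the sentence is addressed to users reporting an issue, so it is worth confirming this is the page reporters should read. Also `Github` should be `GitHub`, and the file ends without a newline.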
diff --git a/themes/docsy/layouts/partials/community_links.html 
b/themes/docsy/layouts/partials/community_links.html
index f8db81ea..601044d4 100644
--- a/themes/docsy/layouts/partials/community_links.html
+++ b/themes/docsy/layouts/partials/community_links.html
@@ -14,6 +14,9 @@
 {{ with index $links "developer"}}
 {{ template "community-links-list"  . }}
 {{ end }}
+
+<p>If you want to report security problems with HugeGraph,please contact us 
with <a href="../docs/guides/security/">security email address</a>.
+</p>
 <p>You can find out how to contribute to these docs in our <a 
href="../docs/contribution-guidelines/">Contribution Guidelines</a>.
 </div>
 </section>
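Review bot: in the added `<p>`, the link text "security email address" points to `../docs/guides/security/`, which is the reporting guide and not an address, and `HugeGraph,please` is missing a space after the comma. Since the purpose of this line is to steer reporters away from public channels, consider wording that says so and labels the link for what it is, for example "To report a security problem with HugeGraph privately, see our security reporting guide." The commit message still lists the secondary-menu entry as a TODO, so this paragraph is the only entry point from the community page for now.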
