This is an automated email from the ASF dual-hosted git repository.
mimaison pushed a commit to branch markdown
in repository https://gitbox.apache.org/repos/asf/kafka-site.git
The following commit(s) were added to refs/heads/markdown by this push:
new 9b2a1a68e KAFKA-20073: Address invalid encoding for security mailto
links (#788)
9b2a1a68e is described below
commit 9b2a1a68e7e182775986576762172fe1d6f03b6e
Author: Rion Williams <[email protected]>
AuthorDate: Thu Feb 5 07:52:51 2026 -0600
KAFKA-20073: Address invalid encoding for security mailto links (#788)
Reviewers: Mickael Maison <[email protected]>
---
content/en/community/project_security.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/content/en/community/project_security.md
b/content/en/community/project_security.md
index f610f670e..128a854eb 100644
--- a/content/en/community/project_security.md
+++ b/content/en/community/project_security.md
@@ -26,7 +26,7 @@ aliases:
# Kafka security
-The Apache Software Foundation takes security issues very seriously. Apache
Kafka® specifically offers security features and is responsive to issues around
its features. If you have any concern around Kafka Security or believe you have
uncovered a vulnerability, we suggest that you get in touch via the e-mail
address
[[email protected]](mailto:[email protected]?Subject=\[SECURITY\]
My security issue). In the message, try to provide a description of the issue
and ideally a [...]
+The Apache Software Foundation takes security issues very seriously. Apache
Kafka® specifically offers security features and is responsive to issues around
its features. If you have any concern around Kafka Security or believe you have
uncovered a vulnerability, we suggest that you get in touch via the e-mail
address
[[email protected]](mailto:[email protected]?subject=%5BSECURITY%5D%20My%20security%20issue).
In the message, try to provide a description of the issue and i [...]
Note that this security address should be used only for undisclosed
vulnerabilities. Dealing with fixed issues or general questions on how to use
the security features should be handled regularly via the user and the dev
lists. **Please report any security problems to the project security address
before disclosing it publicly.**
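Review bot: The percent-encoded mailto target on the added line of this paragraph is repeated verbatim in the list item changed in the second hunk, so the same hand-encoded literal has to be kept correct in more than one place. Consider defining the security address once as a Markdown reference-style link and pointing each occurrence at it, so that a later change to the subject line is made in one spot. The encoding itself is right for a mailto URL: `%5B`/`%5D` for the brackets and `%20` (rather than a literal space or `+`) for the spaces in `subject=%5BSECURITY%5D%20My%20security%20issue`.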
@@ -36,13 +36,13 @@ For a list of security issues fixed in released versions of
Apache Kafka, see [C
## Advisories for dependencies
-Many organizations use 'security scanning' tools to detect components for
which advisories exist. While we generally encourage using such tools, since
they are an important way users are notified of risks, our experience is that
they produce a lot of false positives: when a dependency of Kafka contains a
vulnerability, it is likely Kafka is using it in a way that is not affected. As
such, we do not consider the fact that an advisory has been published for a
Kafka dependency sensitive. On [...]
+Many organizations use 'security scanning' tools to detect components for
which advisories exist. While we generally encourage using such tools, since
they are an important way users are notified of risks, our experience is that
they produce a lot of false positives: when a dependency of Kafka contains a
vulnerability, it is likely Kafka is using it in a way that is not affected. As
such, we do not consider the fact that an advisory has been published for a
Kafka dependency sensitive. On [...]
When handling such warnings, you can:
* Check if our [DependencyCheck
suppressions](https://github.com/apache/kafka/blob/trunk/gradle/resources/dependencycheck-suppressions.xml)
contain any information on this advisory.
* See if there is any discussion on this advisory in the [issue
tracker](https://issues.apache.org/jira/browse/KAFKA)
* Do your own analysis on whether this advisory affects Kafka.
- * If it seems it might, report this finding privately through
[[email protected]](mailto:[email protected]?Subject=\[SECURITY\]
My security issue).
+ * If it seems it might, report this finding privately through
[[email protected]](mailto:[email protected]?subject=%5BSECURITY%5D%20My%20security%20issue).
* If it seems not to, [contribute](/contributing.html) a section to our
[DependencyCheck
suppressions](https://github.com/apache/kafka/blob/trunk/gradle/resources/dependencycheck-suppressions.xml)
explaining why it is not affected.
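Review bot: In the "Many organizations use 'security scanning' tools" paragraph, the removed and added lines are identical in everything this mail shows; whatever changed sits past the `On [...]` truncation, so one of the "3 insertions(+), 3 deletions(-)" cannot be reviewed from here. Please confirm against the full diff that the only difference on that line is the same replacement of `?Subject=\[SECURITY\] My security issue` with `?subject=%5BSECURITY%5D%20My%20security%20issue` that is visible in the list item below it, and that nothing else in the long line moved. Wrapping these single-line paragraphs in the source would keep a fix of this size readable in future diffs.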