lhotari commented on code in PR #17039: URL: https://github.com/apache/pulsar/pull/17039#discussion_r942803907
########## SECURITY.md: ########## @@ -1,3 +1,13 @@ # Security Policy -The security policy and supported versions are outlined on the Pulsar website here: https://pulsar.apache.org/docs/security-policy-and-supported-versions/. +## Security Vulnerability Process + +The Pulsar community follows the ASF [security vulnerability handling process](https://apache.org/security/#vulnerability-handling). + +To report a new vulnerability you have discovered, please follow the [ASF security vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability). To report a vulnerability for Pulsar, contact the [Apache Security Team](https://www.apache.org/security/). When reporting a vulnerability to [[email protected]](mailto:[email protected]), you can copy your email to [[email protected]](mailto:[email protected]) to send your report to the Apache Pulsar Project Management Committee. This is a private mailing list. + +It is the responsibility of the security vulnerability handling project team (Apache Pulsar PMC in most cases) to make public security vulnerability announcements. You can follow announcements on the [[email protected]](mailto:[email protected]) mailing list. For instructions on how to subscribe, please see https://pulsar.apache.org/contact/. + +## Security Policy details and supported versions of Apache Pulsar + +The security policy and supported versions are outlined on the Pulsar website under [Security > Security Policy and Supported Versions](https://pulsar.apache.org/docs/security-policy-and-supported-versions/). Review Comment: This link is in the SECURITY.md file which is rendered in GitHub at https://github.com/apache/pulsar/security/policy -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
