This is an automated email from the ASF dual-hosted git repository.
penghui pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 96d4bbb1e15 [docs] Clarify security vulnerability process and
reporting (#17039)
96d4bbb1e15 is described below
commit 96d4bbb1e15f8a04f30a3036565ab26d923e8746
Author: Lari Hotari <[email protected]>
AuthorDate: Thu Aug 11 07:11:09 2022 +0300
[docs] Clarify security vulnerability process and reporting (#17039)
---
README.md | 2 ++
SECURITY.md | 12 +++++++++++-
site2/docs/security-policy-and-supported-versions.md | 11 ++++-------
.../version-2.10.0/security-policy-and-supported-versions.md | 10 ++++++----
.../version-2.10.1/security-policy-and-supported-versions.md | 10 ++++++----
5 files changed, 29 insertions(+), 16 deletions(-)
diff --git a/README.md b/README.md
index 274c4c552e7..80208a18d9b 100644
--- a/README.md
+++ b/README.md
@@ -345,6 +345,8 @@ You can self-register at
https://apache-pulsar.herokuapp.com/
To report a vulnerability for Pulsar, contact the [Apache Security
Team](https://www.apache.org/security/). When reporting a vulnerability to
[[email protected]](mailto:[email protected]), you can copy your email to
[[email protected]](mailto:[email protected]) to send your
report to the Apache Pulsar Project Management Committee. This is a private
mailing list.
+https://github.com/apache/pulsar/security/policy contains more details.
+
## License
Licensed under the Apache License, Version 2.0:
http://www.apache.org/licenses/LICENSE-2.0
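Review bot: The added line in README.md starts a sentence with a bare URL ("https://github.com/apache/pulsar/security/policy contains more details."), while the sentence just before it uses named Markdown links. Suggest a named link instead, for example "See the [security policy](https://github.com/apache/pulsar/security/policy) for more details.", so the rendered README reads consistently and the link target is clear.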
diff --git a/SECURITY.md b/SECURITY.md
index 7bd3ead079f..ce95a05da90 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,3 +1,13 @@
# Security Policy
-The security policy and supported versions are outlined on the Pulsar website
here: https://pulsar.apache.org/docs/security-policy-and-supported-versions/.
+## Security Vulnerability Process
+
+The Pulsar community follows the ASF [security vulnerability handling
process](https://apache.org/security/#vulnerability-handling).
+
+To report a new vulnerability you have discovered, please follow the [ASF
security vulnerability reporting
process](https://apache.org/security/#reporting-a-vulnerability). To report a
vulnerability for Pulsar, contact the [Apache Security
Team](https://www.apache.org/security/). When reporting a vulnerability to
[[email protected]](mailto:[email protected]), you can copy your email to
[[email protected]](mailto:[email protected]) to send your
report to the Apache Pul [...]
+
+It is the responsibility of the security vulnerability handling project team
(Apache Pulsar PMC in most cases) to make public security vulnerability
announcements. You can follow announcements on the
[[email protected]](mailto:[email protected]) mailing list. For
instructions on how to subscribe, please see https://pulsar.apache.org/contact/.
+
+## Security Policy details and supported versions of Apache Pulsar
+
+The security policy and supported versions are outlined on the Pulsar website
under [Security > Security Policy and Supported
Versions](https://pulsar.apache.org/docs/security-policy-and-supported-versions/).
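Review bot: In the added reporting paragraph of SECURITY.md, two consecutive sentences both begin "To report a ... vulnerability" and point at different pages (apache.org/security/#reporting-a-vulnerability, then www.apache.org/security/), which leaves a reporter unsure which instruction is the primary one. Suggest merging them into one sentence that names the ASF reporting process as the route and the copy to the PMC private list as optional, and using a single host form for the apache.org links. The new heading "Security Policy details and supported versions of Apache Pulsar" also mixes title case and sentence case, unlike "Security Vulnerability Process" above it.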
diff --git a/site2/docs/security-policy-and-supported-versions.md
b/site2/docs/security-policy-and-supported-versions.md
index ac907e12c70..2a40c27fd48 100644
--- a/site2/docs/security-policy-and-supported-versions.md
+++ b/site2/docs/security-policy-and-supported-versions.md
@@ -9,16 +9,13 @@ sidebar_label: "Security Policy and Supported Versions"
You can find documentation on Pulsar's available security features and how to
use them here:
https://pulsar.apache.org/docs/en/security-overview/.
-## Security Vulnerability Announcements
+## Security Vulnerability Process
-The Pulsar community will announce security vulnerabilities and how to
mitigate them on the [[email protected]](mailto:[email protected]).
-For instructions on how to subscribe, please see
https://pulsar.apache.org/contact/.
+The Pulsar community follows the ASF [security vulnerability handling
process](https://apache.org/security/#vulnerability-handling).
-## Reporting Vulnerabilities
+To report a new vulnerability you have discovered, please follow the [ASF
security vulnerability reporting
process](https://apache.org/security/#reporting-a-vulnerability). To report a
vulnerability for Pulsar, contact the [Apache Security
Team](https://www.apache.org/security/). When reporting a vulnerability to
[[email protected]](mailto:[email protected]), you can copy your email to
[[email protected]](mailto:[email protected]) to send your
report to the Apache Pul [...]
-The Pulsar community follows the ASF [vulnerability handling
process](https://apache.org/security/#vulnerability-handling).
-
-To report a new vulnerability you have discovered please follow the [ASF
vulnerability reporting
process](https://apache.org/security/#reporting-a-vulnerability).
+It is the responsibility of the security vulnerability handling project team
(Apache Pulsar PMC in most cases) to make public security vulnerability
announcements. You can follow announcements on the
[[email protected]](mailto:[email protected]) mailing list. For
instructions on how to subscribe, please see https://pulsar.apache.org/contact/.
## Versioning Policy
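Review bot: The replacement announcement paragraph drops a commitment the removed text made. The old line said the community "will announce security vulnerabilities and how to mitigate them", while the new line only states whose responsibility announcements are. If mitigation guidance is still part of announcements, keep that wording. "Apache Pulsar PMC in most cases" also leaves open who handles the remaining cases; either name them or point to the relevant part of the linked ASF handling process.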
diff --git
a/site2/website/versioned_docs/version-2.10.0/security-policy-and-supported-versions.md
b/site2/website/versioned_docs/version-2.10.0/security-policy-and-supported-versions.md
index 31f8cf061b8..2a40c27fd48 100644
---
a/site2/website/versioned_docs/version-2.10.0/security-policy-and-supported-versions.md
+++
b/site2/website/versioned_docs/version-2.10.0/security-policy-and-supported-versions.md
@@ -2,7 +2,6 @@
id: security-policy-and-supported-versions
title: Security Policy and Supported Versions
sidebar_label: "Security Policy and Supported Versions"
-original_id: security-policy-and-supported-versions
---
## Using Pulsar's Security Features
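Review bot: The front matter loses "original_id: security-policy-and-supported-versions", which the commit message does not mention and which is unrelated to clarifying the vulnerability process. The index line shows this file ending at the same blob (2a40c27fd48) as site2/docs/security-policy-and-supported-versions.md, so it appears the versioned file was replaced with a copy of the current doc. Please confirm the versioned docs build does not depend on original_id, or restore the line; the same applies to the version-2.10.1 copy.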
@@ -10,10 +9,13 @@ original_id: security-policy-and-supported-versions
You can find documentation on Pulsar's available security features and how to
use them here:
https://pulsar.apache.org/docs/en/security-overview/.
-## Security Vulnerability Announcements
+## Security Vulnerability Process
-The Pulsar community will announce security vulnerabilities and how to
mitigate them on the [[email protected]](mailto:[email protected]).
-For instructions on how to subscribe, please see
https://pulsar.apache.org/contact/.
+The Pulsar community follows the ASF [security vulnerability handling
process](https://apache.org/security/#vulnerability-handling).
+
+To report a new vulnerability you have discovered, please follow the [ASF
security vulnerability reporting
process](https://apache.org/security/#reporting-a-vulnerability). To report a
vulnerability for Pulsar, contact the [Apache Security
Team](https://www.apache.org/security/). When reporting a vulnerability to
[[email protected]](mailto:[email protected]), you can copy your email to
[[email protected]](mailto:[email protected]) to send your
report to the Apache Pul [...]
+
+It is the responsibility of the security vulnerability handling project team
(Apache Pulsar PMC in most cases) to make public security vulnerability
announcements. You can follow announcements on the
[[email protected]](mailto:[email protected]) mailing list. For
instructions on how to subscribe, please see https://pulsar.apache.org/contact/.
## Versioning Policy
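Review bot: The heading "Security Vulnerability Announcements" is renamed to "Security Vulnerability Process" in the docs of an already released version, so any existing link that targets the old heading on the 2.10.0 page will stop landing on the announcements text if anchors are derived from heading text. Suggest keeping a "Security Vulnerability Announcements" subheading above the final paragraph (the one about the announcement mailing list), which also makes the subscribe instructions easier to find.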
diff --git
a/site2/website/versioned_docs/version-2.10.1/security-policy-and-supported-versions.md
b/site2/website/versioned_docs/version-2.10.1/security-policy-and-supported-versions.md
index 31f8cf061b8..2a40c27fd48 100644
---
a/site2/website/versioned_docs/version-2.10.1/security-policy-and-supported-versions.md
+++
b/site2/website/versioned_docs/version-2.10.1/security-policy-and-supported-versions.md
@@ -2,7 +2,6 @@
id: security-policy-and-supported-versions
title: Security Policy and Supported Versions
sidebar_label: "Security Policy and Supported Versions"
-original_id: security-policy-and-supported-versions
---
## Using Pulsar's Security Features
@@ -10,10 +9,13 @@ original_id: security-policy-and-supported-versions
You can find documentation on Pulsar's available security features and how to
use them here:
https://pulsar.apache.org/docs/en/security-overview/.
-## Security Vulnerability Announcements
+## Security Vulnerability Process
-The Pulsar community will announce security vulnerabilities and how to
mitigate them on the [[email protected]](mailto:[email protected]).
-For instructions on how to subscribe, please see
https://pulsar.apache.org/contact/.
+The Pulsar community follows the ASF [security vulnerability handling
process](https://apache.org/security/#vulnerability-handling).
+
+To report a new vulnerability you have discovered, please follow the [ASF
security vulnerability reporting
process](https://apache.org/security/#reporting-a-vulnerability). To report a
vulnerability for Pulsar, contact the [Apache Security
Team](https://www.apache.org/security/). When reporting a vulnerability to
[[email protected]](mailto:[email protected]), you can copy your email to
[[email protected]](mailto:[email protected]) to send your
report to the Apache Pul [...]
+
+It is the responsibility of the security vulnerability handling project team
(Apache Pulsar PMC in most cases) to make public security vulnerability
announcements. You can follow announcements on the
[[email protected]](mailto:[email protected]) mailing list. For
instructions on how to subscribe, please see https://pulsar.apache.org/contact/.
## Versioning Policy
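Review bot: The same three added paragraphs now appear verbatim in SECURITY.md and in three copies of security-policy-and-supported-versions.md (all three docs files end at blob 2a40c27fd48), so any later correction to the reporting address or process has to be made in four places. Suggest keeping the full reporting text in one location and having the other files carry a one-line link to it, as README.md does with its pointer to the security policy page.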