This is an automated email from the ASF dual-hosted git repository.
zkaoudi pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-wayang-website.git
The following commit(s) were added to refs/heads/main by this push:
new b2a2aac2 security page (#79)
b2a2aac2 is described below
commit b2a2aac2a5b2849f81e9dd326e88999a0708125e
Author: Alexander Alten-Lorenz <[email protected]>
AuthorDate: Mon Mar 31 08:55:14 2025 +0200
security page (#79)
---
docs/community/security.md | 30 ++++++++++++++++++++++++++++++
docusaurus.config.ts | 6 +++++-
2 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/docs/community/security.md b/docs/community/security.md
new file mode 100644
index 00000000..2f51bd17
--- /dev/null
+++ b/docs/community/security.md
@@ -0,0 +1,30 @@
+# Wayang Security
+
+The Apache Software Foundation (ASF) and the Apache Wayang community take
security very seriously. Apache Wayang specifically provides robust security
features and actively addresses concerns around potential vulnerabilities. If
you have discovered a vulnerability or have concerns regarding Apache Wayang
security, please immediately contact the security team via email at
[[email protected]](mailto:[email protected]).
+
+In your email, please include:
+- A detailed description of the security issue
+- Steps to reproduce the vulnerability, if possible
+
+Upon receiving your report, our security team will review the provided
information and respond accordingly.
+
+Please reserve the security address exclusively for reporting undisclosed
vulnerabilities. For general security-related questions, usage of security
features, or addressing known fixed issues, please utilize our user and
developer mailing lists instead. Do not publicly disclose vulnerabilities
without first reporting them to the Apache Wayang security team.
+
+The ASF Security team maintains detailed guidelines on managing and addressing
vulnerabilities. For further information, please refer to the [ASF Security
Page](https://www.apache.org/security/).
+
+For an updated list of security issues that have been addressed in released
versions of Apache Wayang, please review our [CVE
List](https://wayang.apache.org/security).
+
+## Advisories for Dependencies
+
+Many organizations employ security scanning tools to identify components with
known security advisories. Although we strongly recommend these tools as they
can alert users to potential risks, they often generate false positives. This
occurs because a vulnerable dependency may not necessarily impact Apache Wayang
if used in a non-exploitable manner.
+
+Therefore, advisories regarding Apache Wayang's dependencies are not
automatically considered critical. However, if additional analysis indicates
that Apache Wayang might be affected by a dependency's vulnerability, please
report your findings privately to
[[email protected]](mailto:[email protected]).
+
+If a dependency advisory is identified, please:
+
+1. Verify if our DependencyCheck suppressions contain relevant details.
+2. Check our issue tracker for discussions regarding this advisory.
+3. Conduct your own analysis to determine whether Apache Wayang is affected.
+ - If affected, report your findings privately through
[[email protected]](mailto:[email protected]).
+ - If not affected, please contribute by updating the DependencyCheck
suppression list, clearly documenting why Apache Wayang is not impacted.
+
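Review bot: Steps 1 and 2 of the list under "Advisories for Dependencies" send readers to "our DependencyCheck suppressions" and "our issue tracker" without linking either one, so someone arriving from a scanner report cannot find them. Link the suppression file in the repository and the issue tracker inline. The "CVE List" link targets https://wayang.apache.org/security while this page is added as docs/community/security.md, so confirm that target resolves to an actual list. The "In your email, please include" list could also ask for the affected Apache Wayang version.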
diff --git a/docusaurus.config.ts b/docusaurus.config.ts
index 883144ec..85d5b2b5 100644
--- a/docusaurus.config.ts
+++ b/docusaurus.config.ts
@@ -176,7 +176,7 @@ const config: Config = {
],
},
{
- title: 'Docs',
+ title: 'Documentation',
items: [
{
label: 'Install',
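Review bot: The rename of this group's title from 'Docs' to 'Documentation' is not covered by the commit message "security page (#79)". Mention it there or move it to its own commit so the security-page change stays easy to review and revert on its own.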
@@ -190,6 +190,10 @@ const config: Config = {
label: 'Benchmark',
to: '/docs/introduction/benchmark',
},
+ {
+ label: 'Security',
+ to: '/docs/community/security',
+ },
],
},
{
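Review bot: The new 'Security' item is added to the same items list as 'Benchmark', but its target is /docs/community/security. If this config has a link group for community pages, the entry fits better there so the navigation matches where the page lives.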