[jira] [Commented] (HBASE-30130) Add a security-model section to the website

Tue, 05 May 2026 06:53:00 -0700 


    [ 
https://issues.apache.org/jira/browse/HBASE-30130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18078428#comment-18078428
 ] 

Hudson commented on HBASE-30130:
--------------------------------

Results for branch master
        [build #60 on 
builds.a.o|https://ci-hbase.apache.org/job/HBase-Integration-Test/job/master/60/]:
 (/) *{color:green}+1 overall{color}*
----
details (if available):



(/) {color:green}+1 client integration test for 3.3.5 {color}
(/) {color:green}+1 client integration test for 3.3.5 with shaded hadoop 
client{color}


(/) {color:green}+1 client integration test for 3.3.6 {color}
(/) {color:green}+1 client integration test for 3.3.6 with shaded hadoop 
client{color}


(/) {color:green}+1 client integration test for 3.4.0 {color}
(/) {color:green}+1 client integration test for 3.4.0 with shaded hadoop 
client{color}


(/) {color:green}+1 client integration test for 3.4.1 {color}
(/) {color:green}+1 client integration test for 3.4.1 with shaded hadoop 
client{color}


(/) {color:green}+1 client integration test for 3.4.2 {color}
(/) {color:green}+1 client integration test for 3.4.2 with shaded hadoop 
client{color}


(/) {color:green}+1 client integration test for 3.4.3 {color}
(/) {color:green}+1 client integration test for 3.4.3 with shaded hadoop 
client{color}


> Add a security-model section to the website 
> --------------------------------------------
>
>                 Key: HBASE-30130
>                 URL: https://issues.apache.org/jira/browse/HBASE-30130
>             Project: HBase
>          Issue Type: Task
>            Reporter: Andrew Kyle Purtell
>            Assignee: Andrew Kyle Purtell
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 4.0.0-alpha-1
>
>
> Add a "Security Model" page to the Apache HBase website, following the ASF 
> Security Team's recommendation for projects to document their security 
> assumptions.
> The page defines HBase's trust boundaries, explains that HBase's default 
> unauthenticated configuration is intended only for development and testing, 
> and clarifies security expectations for gateway services, coprocessors, web 
> UIs, and transport encryption. It enumerates what constitutes a valid 
> vulnerability versus what does not, providing clear guidance for operators, 
> security researchers, and the ASF Security Team when triaging incoming 
> reports.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to