This is an automated email from the ASF dual-hosted git repository.

ayushsaxena pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/hadoop-site.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new 9cc1d23afc Improve description for security mailing lists. (#48)
9cc1d23afc is described below

commit 9cc1d23afc65a06d85ac15b4cd952218596d6efa
Author: Ayush Saxena <ayushsax...@apache.org>
AuthorDate: Mon Nov 27 20:33:39 2023 +0530

    Improve description for security mailing lists. (#48)
---
 content/mailing_lists.html | 8 ++++++++
 src/mailing_lists.md       | 9 +++++++++
 2 files changed, 17 insertions(+)

diff --git a/content/mailing_lists.html b/content/mailing_lists.html
index 0ed3ec503a..646536e8ae 100644
--- a/content/mailing_lists.html
+++ b/content/mailing_lists.html
@@ -184,6 +184,14 @@ The Hadoop security mailing list is : <a 
href="mailto:secur...@hadoop.apache.org
 <p>In order to post to the list, it is <strong>NOT</strong> necessary to first 
subscribe
 to it.</p>
 <p>For information on published vulnerabilities please see our <a 
href="cve_list.html">CVE list</a>.</p>
+<p>This mailing list is only for discussing security vulnerabilities in hadoop 
&lsquo;source&rsquo; code, <strong>NOT</strong> security advisories for 
thirdparty libraries. For security issues related to thirdparty libraries use 
the dev/user mailing lists.
+However, when after analysis it turns out the advisory impacts Hadoop, that 
should be discussed on the security list.</p>
+<p>The thirdparty library versions in the upcoming releases can be checked 
here:</p>
+<ul>
+<li><a 
href="https://github.com/apache/hadoop/blob/trunk/LICENSE-binary";>3.4.x</a></li>
+<li><a 
href="https://github.com/apache/hadoop/blob/branch-3.3/LICENSE-binary";>3.3.x</a></li>
+</ul>
+<p><strong>Note:</strong> Not all vulnerabilities coming from thirdparty 
libraries impact hadoop and it isn&rsquo;t possible to update every thirdparty 
library. Read a hadoop developer&rsquo;s point of view on upgrading thirdparty 
libraries <a href="https://s.apache.org/transitive-issues";>here</a></p>
 <h2 id="general">General</h2>
 <p>This mailing list is <strong>NOT</strong> for end-user questions and 
discussion.
 Please use the user mailing list for such issues.
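Review bot: The routing rule in the first added paragraph leaves a gap: third-party advisories are sent to the public dev/user lists, yet impact on Hadoop is only known "after analysis", so the analysis that establishes the impact would happen in public before the thread moves to the security list. Suggest stating that only already published advisories belong on dev/user, and that anyone who believes a library issue is exploitable through Hadoop should write to the security list directly. Separately, the 3.4.x entry links to LICENSE-binary on trunk, which stops describing 3.4.x once trunk moves on to the next version; linking a release branch, as the 3.3.x entry does with branch-3.3, would keep the list accurate.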
diff --git a/src/mailing_lists.md b/src/mailing_lists.md
index 7ead9dad8d..bffeee6b25 100644
--- a/src/mailing_lists.md
+++ b/src/mailing_lists.md
@@ -55,6 +55,15 @@ to it.
 
 For information on published vulnerabilities please see our [CVE 
list](cve_list.html).
 
+This mailing list is only for discussing security vulnerabilities in hadoop 
'source' code, **NOT** security advisories for thirdparty libraries. For 
security issues related to thirdparty libraries use the dev/user mailing lists.
+However, when after analysis it turns out the advisory impacts Hadoop, that 
should be discussed on the security list.
+
+The thirdparty library versions in the upcoming releases can be checked here:
+* [3.4.x](https://github.com/apache/hadoop/blob/trunk/LICENSE-binary)
+* [3.3.x](https://github.com/apache/hadoop/blob/branch-3.3/LICENSE-binary)
+
+**Note:** Not all vulnerabilities coming from thirdparty libraries impact 
hadoop and it isn't possible to update every thirdparty library. Read a hadoop 
developer's point of view on upgrading thirdparty libraries 
[here](https://s.apache.org/transitive-issues)
+
 ## General
 
 This mailing list is **NOT** for end-user questions and discussion.
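Review bot: The list starting at `* [3.4.x]` follows "can be checked here:" with no blank line between them; the generated HTML in this commit does render it as a list, but a blank line before the first item removes the dependence on the renderer's leniency. In the Note paragraph, "hadoop" is lower-case while the paragraph above also writes "Hadoop", the link text "here" says nothing about its target, and the sentence has no closing period. Suggest "Hadoop" throughout, "third-party" for "thirdparty", and link text that names the linked article.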

