This is an automated email from the ASF dual-hosted git repository. ayushsaxena pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/hadoop-site.git
The following commit(s) were added to refs/heads/asf-site by this push: new 9cc1d23afc Improve description for security mailing lists. (#48) 9cc1d23afc is described below commit 9cc1d23afc65a06d85ac15b4cd952218596d6efa Author: Ayush Saxena <ayushsax...@apache.org> AuthorDate: Mon Nov 27 20:33:39 2023 +0530 Improve description for security mailing lists. (#48) --- content/mailing_lists.html | 8 ++++++++ src/mailing_lists.md | 9 +++++++++ 2 files changed, 17 insertions(+) diff --git a/content/mailing_lists.html b/content/mailing_lists.html index 0ed3ec503a..646536e8ae 100644 --- a/content/mailing_lists.html +++ b/content/mailing_lists.html 
@@ -184,6 +184,14 @@ The Hadoop security mailing list is : <a href="mailto:secur...@hadoop.apache.org <p>In order to post to the list, it is <strong>NOT</strong> necessary to first subscribe to it.</p> <p>For information on published vulnerabilities please see our <a href="cve_list.html">CVE list</a>.</p> +<p>This mailing list is only for discussing security vulnerabilities in hadoop ‘source’ code, <strong>NOT</strong> security advisories for thirdparty libraries. For security issues related to thirdparty libraries use the dev/user mailing lists. +However, when after analysis it turns out the advisory impacts Hadoop, that should be discussed on the security list.</p> +<p>The thirdparty library versions in the upcoming releases can be checked here:</p> +<ul> +<li><a href="https://github.com/apache/hadoop/blob/trunk/LICENSE-binary">3.4.x</a></li> +<li><a href="https://github.com/apache/hadoop/blob/branch-3.3/LICENSE-binary">3.3.x</a></li> +</ul> +<p><strong>Note:</strong> Not all vulnerabilities coming from thirdparty libraries impact hadoop and it isn’t possible to update every thirdparty library. Read a hadoop developer’s point of view on upgrading thirdparty libraries <a href="https://s.apache.org/transitive-issues">here</a></p> <h2 id="general">General</h2> <p>This mailing list is <strong>NOT</strong> for end-user questions and discussion. Please use the user mailing list for such issues. diff --git a/src/mailing_lists.md b/src/mailing_lists.md index 7ead9dad8d..bffeee6b25 100644 --- a/src/mailing_lists.md +++ b/src/mailing_lists.md 
@@ -55,6 +55,15 @@ to it. For information on published vulnerabilities please see our [CVE list](cve_list.html). +This mailing list is only for discussing security vulnerabilities in hadoop 'source' code, **NOT** security advisories for thirdparty libraries. For security issues related to thirdparty libraries use the dev/user mailing lists. +However, when after analysis it turns out the advisory impacts Hadoop, that should be discussed on the security list. + +The thirdparty library versions in the upcoming releases can be checked here: +* [3.4.x](https://github.com/apache/hadoop/blob/trunk/LICENSE-binary) +* [3.3.x](https://github.com/apache/hadoop/blob/branch-3.3/LICENSE-binary) + +**Note:** Not all vulnerabilities coming from thirdparty libraries impact hadoop and it isn't possible to update every thirdparty library. Read a hadoop developer's point of view on upgrading thirdparty libraries [here](https://s.apache.org/transitive-issues) + ## General This mailing list is **NOT** for end-user questions and discussion. --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org
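Review bot: In the content/mailing_lists.html hunk, the first added paragraph does not say who performs the analysis, or where it happens, before an advisory "turns out" to impact Hadoop. As written, a reporter who already suspects Hadoop is affected is told to use the dev/user lists first. Suggest stating that a third-party advisory with a suspected or demonstrated impact on Hadoop goes to the security list, and that only the general "library X has an advisory" question belongs on dev/user. The same paragraph writes "hadoop" and "Hadoop" in consecutive sentences and "thirdparty" for "third-party"; since this file mirrors src/mailing_lists.md, fix the wording there and regenerate.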
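Review bot: In the src/mailing_lists.md hunk, the "3.4.x" entry links to LICENSE-binary on trunk while "3.3.x" links to branch-3.3, so the 3.4.x label will no longer match its target once trunk moves past that release line. Suggest labelling the entry as trunk, or pointing it at the release branch when one exists. The closing Note also ends with a bare "here" link and no full stop; link text that names the linked document would be clearer to readers and to anyone scanning the rendered page for the policy.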