HBASE-7126 Document how to report security bugs
This commit is contained in:
parent
142e36e7de
commit
d590f87ef4
|
@ -55,5 +55,10 @@ That said, you are welcome. +
|
|||
It's a fun place to be. +
|
||||
Yours, the HBase Community.
|
||||
|
||||
.Reporting Bugs
|
||||
|
||||
Please use link:https://issues.apache.org/jira/browse/hbase[JIRA] to report non-security-related bugs.
|
||||
|
||||
To protect existing HBase installations from new vulnerabilities, please *do not* use JIRA to report security-related bugs. Instead, send your report to the mailing list private@apache.org, which allows anyone to send messages, but restricts who can read them. Someone on that list will contact you to follow up on your report.
|
||||
|
||||
:numbered:
|
||||
|
|
|
@ -27,6 +27,16 @@
|
|||
:icons: font
|
||||
:experimental:
|
||||
|
||||
[IMPORTANT]
|
||||
.Reporting Security Bugs
|
||||
====
|
||||
NOTE: To protect existing HBase installations from exploitation, please *do not* use JIRA to report security-related bugs. Instead, send your report to the mailing list private@apache.org, which allows anyone to send messages, but restricts who can read them. Someone on that list will contact you to follow up on your report.
|
||||
|
||||
HBase adheres to the Apache Software Foundation's policy on reported vulnerabilities, available at http://apache.org/security/.
|
||||
|
||||
If you wish to send an encrypted report, you can use the GPG details provided for the general ASF security list. This will likely increase the response time to your report.
|
||||
====
|
||||
|
||||
HBase provides mechanisms to secure various components and aspects of HBase and how it relates to the rest of the Hadoop infrastructure, as well as clients and resources outside Hadoop.
|
||||
|
||||
== Using Secure HTTP (HTTPS) for the Web UI
|
||||
|
|
Loading…
Reference in New Issue