HBASE-7126 Document how to report security bugs

Misty Stanley-Jones 2015-03-02 10:27:51 +10:00
parent 142e36e7de
commit d590f87ef4
2 changed files with 15 additions and 0 deletions


@ -55,5 +55,10 @@ That said, you are welcome. +
It's a fun place to be. +
Yours, the HBase Community.
.Reporting Bugs
Please use link:https://issues.apache.org/jira/browse/hbase[JIRA] to report non-security-related bugs.
To protect existing HBase installations from new vulnerabilities, please *do not* use JIRA to report security-related bugs. Instead, send your report to the mailing list private@apache.org, which allows anyone to send messages, but restricts who can read them. Someone on that list will contact you to follow up on your report.
:numbered:
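Review bot: The security paragraph at the end of this hunk (the "please *do not* use JIRA" line) duplicates the admonition added in the other file with different wording ("from new vulnerabilities" here, "from exploitation" there) and leaves out the pointer to the ASF policy at http://apache.org/security/. Suggest keeping one canonical text, or shortening this copy to the reporting address plus a cross-reference to the security chapter's notice, so the two cannot drift apart. The address private@apache.org is also plain text; making it a mailto: link would reduce the chance of a reporter mistyping it and sending the report somewhere public.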


@ -27,6 +27,16 @@
:icons: font
:experimental:
[IMPORTANT]
.Reporting Security Bugs
====
NOTE: To protect existing HBase installations from exploitation, please *do not* use JIRA to report security-related bugs. Instead, send your report to the mailing list private@apache.org, which allows anyone to send messages, but restricts who can read them. Someone on that list will contact you to follow up on your report.
HBase adheres to the Apache Software Foundation's policy on reported vulnerabilities, available at http://apache.org/security/.
If you wish to send an encrypted report, you can use the GPG details provided for the general ASF security list. This will likely increase the response time to your report.
====
HBase provides mechanisms to secure various components and aspects of HBase and how it relates to the rest of the Hadoop infrastructure, as well as clients and resources outside Hadoop.
== Using Secure HTTP (HTTPS) for the Web UI
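Review bot: The first line inside the ==== block starts with "NOTE:", which nests a second admonition label inside the [IMPORTANT] block; drop the "NOTE: " prefix so the notice renders with a single label. In the GPG sentence, "increase the response time" can be read as either a faster or a slower reply; if the intent is that encrypted reports take longer to handle, "may delay the response" says so unambiguously. That sentence also refers to "the GPG details provided for the general ASF security list" without saying where they are; a link, or an explicit pointer to the policy page named on the line before it, would let a reporter find the key without guessing.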