From d590f87ef410eff6770a71b416f13645615210ea Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Mon, 2 Mar 2015 10:27:51 +1000 Subject: [PATCH] HBASE-7126 Document how to report security bugs --- src/main/asciidoc/_chapters/preface.adoc | 5 +++++ src/main/asciidoc/_chapters/security.adoc | 10 ++++++++++ 2 files changed, 15 insertions(+) diff --git a/src/main/asciidoc/_chapters/preface.adoc b/src/main/asciidoc/_chapters/preface.adoc index 2eb84114025..960fcc4a5c8 100644 --- a/src/main/asciidoc/_chapters/preface.adoc +++ b/src/main/asciidoc/_chapters/preface.adoc @@ -55,5 +55,10 @@ That said, you are welcome. + It's a fun place to be. + Yours, the HBase Community. +.Reporting Bugs + +Please use link:https://issues.apache.org/jira/browse/hbase[JIRA] to report non-security-related bugs. + +To protect existing HBase installations from new vulnerabilities, please *do not* use JIRA to report security-related bugs. Instead, send your report to the mailing list private@apache.org, which allows anyone to send messages, but restricts who can read them. Someone on that list will contact you to follow up on your report. :numbered: diff --git a/src/main/asciidoc/_chapters/security.adoc b/src/main/asciidoc/_chapters/security.adoc index bb757ef1e4d..ae74661c5b7 100644 --- a/src/main/asciidoc/_chapters/security.adoc +++ b/src/main/asciidoc/_chapters/security.adoc 
@@ -27,6 +27,16 @@ :icons: font :experimental: +[IMPORTANT] +.Reporting Security Bugs +==== +NOTE: To protect existing HBase installations from exploitation, please *do not* use JIRA to report security-related bugs. Instead, send your report to the mailing list private@apache.org, which allows anyone to send messages, but restricts who can read them. Someone on that list will contact you to follow up on your report. + +HBase adheres to the Apache Software Foundation's policy on reported vulnerabilities, available at http://apache.org/security/. + +If you wish to send an encrypted report, you can use the GPG details provided for the general ASF security list. This will likely increase the response time to your report. +==== + HBase provides mechanisms to secure various components and aspects of HBase and how it relates to the rest of the Hadoop infrastructure, as well as clients and resources outside Hadoop. == Using Secure HTTP (HTTPS) for the Web UI
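Review bot: In the preface.adoc hunk, the security-reporting paragraph is a near copy of the one added to security.adoc, and the two already differ ("from new vulnerabilities" here, "from exploitation" there). Two copies of a disclosure instruction will drift apart over time. I would keep the full text in security.adoc and have the preface carry one sentence that cross-references that section. Separately, the address is given as private@apache.org with no project qualifier. Please confirm this is the list the HBase PMC actually reads before it ships, since a misdirected vulnerability report delays handling.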
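Review bot: In the security.adoc hunk, the first paragraph inside the `[IMPORTANT]` block starts with `NOTE:`, which nests a second admonition label inside the first. Drop the `NOTE:` prefix so the block renders as a single IMPORTANT admonition. The encrypted-report sentence also needs tightening. "This will likely increase the response time" can be read as either faster or slower, so say "delay the response" if that is the intent. "The GPG details provided for the general ASF security list" gives neither a link nor the address of that list, and it does not say whether an encrypted report should still go to private@apache.org, whose readers may not hold that key. Finally, the policy link uses `http://apache.org/security/`. An https URL would be more fitting for the page that tells reporters where to send vulnerabilities.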