| <!DOCTYPE html> |
| <html lang="en"> |
| <head> |
| <meta charset="utf-8"> |
| <meta http-equiv="X-UA-Compatible" content="IE=edge"> |
| <meta name="viewport" content="width=device-width, initial-scale=1"> |
| <meta name="description" content="Home page of The Apache Software Foundation"> |
| <link rel="apple-touch-icon" sizes="57x57" href="/favicons/apple-touch-icon-57x57.png"> |
| <link rel="apple-touch-icon" sizes="60x60" href="/favicons/apple-touch-icon-60x60.png"> |
| <link rel="apple-touch-icon" sizes="72x72" href="/favicons/apple-touch-icon-72x72.png"> |
| <link rel="apple-touch-icon" sizes="76x76" href="/favicons/apple-touch-icon-76x76.png"> |
| <link rel="apple-touch-icon" sizes="114x114" href="/favicons/apple-touch-icon-114x114.png"> |
| <link rel="apple-touch-icon" sizes="120x120" href="/favicons/apple-touch-icon-120x120.png"> |
| <link rel="apple-touch-icon" sizes="144x144" href="/favicons/apple-touch-icon-144x144.png"> |
| <link rel="apple-touch-icon" sizes="152x152" href="/favicons/apple-touch-icon-152x152.png"> |
| <link rel="apple-touch-icon" sizes="180x180" href="/favicons/apple-touch-icon-180x180.png"> |
| <link rel="icon" type="image/png" href="/favicons/favicon-32x32.png" sizes="32x32"> |
| <link rel="icon" type="image/png" href="/favicons/favicon-194x194.png" sizes="194x194"> |
| <link rel="icon" type="image/png" href="/favicons/favicon-96x96.png" sizes="96x96"> |
| <link rel="icon" type="image/png" href="/favicons/android-chrome-192x192.png" sizes="192x192"> |
| <link rel="icon" type="image/png" href="/favicons/favicon-16x16.png" sizes="16x16"> |
| <link rel="manifest" href="/favicons/manifest.json"> |
| <link rel="shortcut icon" href="/favicons/favicon.ico"> |
| <meta name="msapplication-TileColor" content="#603cba"> |
| <meta name="msapplication-TileImage" content="/favicons/mstile-144x144.png"> |
| <meta name="msapplication-config" content="/favicons/browserconfig.xml"> |
| <meta name="theme-color" content="#282661"> |
| |
| <title>ASF Security Team</title> |
| <link href="/css/Montserrat-300-600.css" rel="stylesheet"> |
| <link href="/css/min.bootstrap.css" rel="stylesheet"> |
| <link href="/css/styles.css" rel="stylesheet"> |
| <style> |
| /* Permalink anchors (the pilcrow after each heading) stay hidden until their parent element is hovered. */ |
| .headerlink { |
| visibility: hidden; |
| } |
| h1:hover > .headerlink, |
| h2:hover > .headerlink, |
| h3:hover > .headerlink, |
| h4:hover > .headerlink, |
| h5:hover > .headerlink, |
| h6:hover > .headerlink, |
| p:hover > .headerlink, |
| dt:hover > .headerlink, |
| td:hover > .headerlink { |
| visibility: visible; |
| } |
| </style> |
| |
| <!-- pagefind search --> |
| <link href="/_pagefind/pagefind-ui.css" rel="stylesheet"> |
| <script src="/_pagefind/pagefind-ui.js" type="text/javascript"></script> |
| <script> |
| // Mount the Pagefind search widget on #pagefind-search once the DOM has been parsed. |
| // PagefindUI comes from /_pagefind/pagefind-ui.js, loaded by the script tag just above. |
| window.addEventListener('DOMContentLoaded', function mountPagefindSearch() { |
| new PagefindUI({ element: "#pagefind-search" }); |
| }); |
| </script> |
| |
| <!-- https://www.apache.org/licenses/LICENSE-2.0 --> |
| </head> |
| |
| <body > |
| <!-- Navigation --> |
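| <header> |
| <div id="skiptocontent"> |
| <a href="#maincontent">Skip to Main Content</a> |
| </div> |
| <!-- Main menu. Every link that opens a new tab (target="_blank") carries rel="noopener", so the page it opens gets no window.opener reference back to this one. --> |
| <nav class="navbar navbar-inverse navbar-fixed-top mainmenu"> |
| <div class="container"> |
| <div class="navbar-header"> |
| <button class="navbar-toggle" type="button" data-toggle="collapse" data-target="#mainnav-collapse"> |
| <span class="sr-only">Toggle navigation</span> |
| <span class="icon-bar"></span> |
| <span class="icon-bar"></span> |
| <span class="icon-bar"></span> |
| </button> |
| </div> |
| <div class="collapse navbar-collapse" id="mainnav-collapse"> |
| <ul class="nav navbar-nav navbar-justified"> |
| <li class="dropdown"> |
| <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button">Community <span class="caret"></span></a> |
| <ul class="dropdown-menu" role="menu"> |
| <li><a href="https://community.apache.org/" target="_blank" rel="noopener">Contributor Getting Started</a></li> |
| <li><a href="https://community.apache.org/contributors/" target="_blank" rel="noopener">Becoming a Committer</a></li> |
| <li><a href="/foundation/policies/conduct">Code of Conduct</a></li> |
| <li><a href="/community-resources/">Community Resources</a></li> |
| <li><a href="https://communityovercode.org/" target="_blank" rel="noopener">Community Over Code</a></li> |
| <li><a href="https://events.apache.org/" target="_blank" rel="noopener">Events</a></li> |
| <!-- Third-party shop outside apache.org --> |
| <li><a href="https://www.redbubble.com/people/comdev/shop" target="_blank" rel="noopener">Store</a></li> |
| </ul> |
| </li> |
| <li class="dropdown"> |
| <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button">Projects <span class="caret"></span></a> |
| <ul class="dropdown-menu" role="menu"> |
| <li><a href="/projects">Projects</a></li> |
| <li><a href="https://incubator.apache.org/" target="_blank" rel="noopener">Incubator Projects</a></li> |
| <li><a href="https://projects.apache.org/" target="_blank" rel="noopener">Projects Directory </a></li> |
| <li><a href="/foundation/mailinglists">Mailing Lists </a></li> |
| <li><a href="/security">Report a Vulnerability</a></li> |
| </ul> |
| </li> |
| <li class="dropdown"> |
| <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button">Downloads <span class="caret"></span></a> |
| <ul class="dropdown-menu" role="menu"> |
| <li><a href="https://downloads.apache.org/" target="_blank" rel="noopener">Distributions</a></li> |
| <li><a href="https://projects.apache.org/releases.html" target="_blank" rel="noopener">Releases</a></li> |
| <li><a href="https://status.apache.org/" target="_blank" rel="noopener">Infrastructure Status</a></li> |
| <li><a href="https://infra-reports.apache.org/#uptime" target="_blank" rel="noopener">Infrastructure Statistics</a></li> |
| </ul> |
| </li> |
| <li class="dropdown"> |
| <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button">Learn <span class="caret"></span></a> |
| <ul class="dropdown-menu" role="menu"> |
| <li><a href="https://news.apache.org/" target="_blank" rel="noopener">Blog</a></li> |
| <li><a href="/foundation/how-it-works">How the ASF Works</a></li> |
| <li><a href="/theapacheway/">The Apache Way</a></li> |
| <li><a href="/legal/">Legal & Trademark</a></li> |
| <li><a href="/foundation/marks/">Trademark Policy</a></li> |
| <li><a href="/licenses">Licenses</a></li> |
| <li><a href="/foundation/glossary">Glossary</a></li> |
| <li><a href="/foundation/faq">FAQ</a></li> |
| </ul> |
| </li> |
| <li class="dropdown"> |
| <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button">Resources & Tools <span class="caret"></span></a> |
| <ul class="dropdown-menu" role="menu"> |
| <li><a href="/dev/">Developer Information</a></li> |
| <li><a href="https://cwiki.apache.org/" target="_blank" rel="noopener">Wiki</a></li> |
| <li><a href="https://issues.apache.org/" target="_blank" rel="noopener">Issues</a></li> |
| <li><a href="https://infra.apache.org/slack.html" target="_blank" rel="noopener">Slack</a></li> |
| <li><a href="https://selfserve.apache.org/" target="_blank" rel="noopener">Self Serve Portal</a></li> |
| <li><a href="https://infra.apache.org/" target="_blank" rel="noopener">Infrastructure</a></li> |
| <li><a href="https://whimsy.apache.org/" target="_blank" rel="noopener">Whimsy</a></li> |
| <li><a href="/foundation/press/kit/">Brand Guidelines</a></li> |
| <li><a href="/logos/">Project Logos</a></li> |
| </ul> |
| </li> |
| <li class="dropdown"> |
| <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button">About <span class="caret"></span></a> |
| <ul class="dropdown-menu" role="menu"> |
| <li><a href="/foundation/">About</a></li> |
| <li><a href="/foundation/sponsors">Our Sponsors</a></li> |
| <li><a href="/foundation/individual-supporters">Individual Supporters</a></li> |
| <li><a href="/foundation/leadership">Leadership</a></li> |
| <li><a href="/foundation/members">Members</a></li> |
| <li><a href="https://diversity.apache.org/" target="_blank" rel="noopener">Diversity & Inclusion</a></li> |
| <li><a href="/press/">Newsroom</a></li> |
| <li><a href="/foundation/contact">Contact</a></li> |
| </ul> |
| </li> |
| |
| <!-- Search dropdown: the empty #pagefind-search container is the element passed to PagefindUI by the script in the head. --> |
| <li class="dropdown hidden-xs"> |
| <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button"><span class="glyphicon glyphicon-search" |
| aria-hidden="true"></span><span class="sr-only">Search</span></a> |
| <ul class="dropdown-menu search-form" role="search"> |
| <li> |
| <div id="pagefind-search" class="input-group" style="width: 100%; padding: 0 5px;"></div> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| </div> |
| </nav> |
| </header> |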
| <!-- / Navigation --> |
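| <header id="main-header" class="container"> |
| <div class="sideImg"> |
| <!-- Events banner; the visible-home / hidden-home class names suggest the two links swap depending on whether this is the home page (styling lives in the site CSS, not shown here). --> |
| <a class="visible-home" href="https://events.apache.org/x/current-event.html"> |
| <img class="img-responsive" style="width: 125px;" src="/events/current-event-125x125.png" alt="Apache Events"> |
| </a> |
| <a class="hidden-home" href="/"><img class="img-responsive" src="/img/asf-estd-1999-logo.jpg" alt="The Apache Software Foundation"></a> |
| </div> |
| <div class="main"> |
| <!-- Same image file as the logo link above, so it carries the same alt text. --> |
| <img class="img-responsive center-block visible-home" src="/img/asf-estd-1999-logo.jpg" alt="The Apache Software Foundation"> |
| |
| </div> |
| |
| </header> |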
| <main id="maincontent"> |
| <div class="container"> <h1 id="asf-security-team">ASF Security Team<a class="headerlink" href="#asf-security-team" title="Permalink">¶</a></h1> |
| <p>The Apache Security Team provides help and advice to Apache |
| projects on security issues and coordinates the handling of |
| security vulnerabilities.</p> |
| <h2 id="reporting-a-vulnerability">Reporting a vulnerability<a class="headerlink" href="#reporting-a-vulnerability" title="Permalink">¶</a></h2> |
| <p>We strongly encourage you to report potential security vulnerabilities to one of |
| our private security mailing lists first, before disclosing them in a |
| public forum.</p> |
| <p>A <a href="https://security.apache.org/projects/">list of security contacts for Apache projects</a> is |
| available. If you can't find a project-specific security e-mail address and |
| you have an undisclosed security vulnerability to report, use |
| the general security address below.</p> |
| <p><strong>Only use the security contacts to report undisclosed security vulnerabilities in Apache projects and |
| to manage the process of fixing such vulnerabilities. We cannot accept |
| regular bug reports or other security-related queries at these addresses. |
| We will ignore mail sent to these addresses that does not relate to an undisclosed |
| security problem in an Apache project.</strong></p> |
| <p><strong>Also note that the security team handles vulnerabilities in Apache projects, |
| not vulnerabilities in the services that the ASF itself runs. Send reports of vulnerabilities in ASF |
| services to <a href="mailto:root@apache.org">root@apache.org</a>. (This includes issues with apache.org websites.)</strong></p> |
| <p>The general security mailing list address is: |
| <a href="mailto:security@apache.org">security@apache.org</a>. This is a private |
| mailing list.</p> |
| <p>Please send one plain-text email for each vulnerability you are reporting. We may |
| ask you to resubmit your report if you send it as an image, movie, HTML, or |
| PDF attachment when you could as easily describe it with plain text.</p> |
| <p>You do not need to encrypt submissions, and it takes us longer to respond to encrypted reports. There is no team key for <code>security@apache.org</code>; |
| if you do choose to encrypt a report, you can use the OpenPGP keys of the |
| following subset of members of the Apache Security Team. |
| Before relying on a key you have fetched, check that its full fingerprint matches the one listed here. |
| Note that this is |
| not a complete list of Apache Security Team members and that you should not |
| contact these members individually about security issues.</p> |
| <ul> |
| <li>Mark Cox - 5B25 45DA B219 95F4 088C EFAA 36CE E4DE B00C FE33 - |
| <a href="https://keys.openpgp.org/search?q=5B2545DAB21995F4088CEFAA36CEE4DEB00CFE33">keys.openpgp.org</a></li> |
| <li>Bill Rowe - B1B9 6F45 DFBD CCF9 7401 9235 193F 180A B55D 9977 - |
| <a href="https://keys.openpgp.org/search?q=B1B96F45DFBDCCF974019235193F180AB55D9977">keys.openpgp.org</a></li> |
| <li>Mark Thomas - A9C5 DF4D 22E9 9998 D987 5A51 10C0 1C5A 2F60 59E7 - |
| <a href="https://keys.openpgp.org/search?q=A9C5DF4D22E99998D9875A5110C01C5A2F6059E7">keys.openpgp.org</a></li> |
| <li>Yann Ylavic - 8935 9267 45E1 CE7E 3ED7 48F6 EC99 EE26 7EB5 F61A - |
| <a href="https://keys.openpgp.org/search?q=8935926745E1CE7E3ED748F6EC99EE267EB5F61A">keys.openpgp.org</a></li> |
| </ul> |
| <p>You can obtain these public keys <a href="KEYS.txt">in a single file</a>.</p> |
| <h2 id="vulnerability-information">Vulnerability Information<a class="headerlink" href="#vulnerability-information" title="Permalink">¶</a></h2> |
| <p>You can usually find information on known vulnerabilities for an Apache project on the project's web pages. For convenience, consult the <a href="projects.html">list of |
| security information pages for Apache projects</a>. If you can't find the information you are looking for on the |
| project's web site, ask your question on the project's <code>users</code> mailing list. Do <strong>not</strong> ask the security contacts directly about:</p> |
| <ul> |
| <li> |
| <p>how to configure the package securely</p> |
| </li> |
| <li> |
| <p>whether a published vulnerability applies to specific versions of the Apache |
| packages you are using</p> |
| </li> |
| <li> |
| <p>whether a published vulnerability applies to the configuration of the Apache |
| packages you are using</p> |
| </li> |
| <li> |
| <p>obtaining further information on a published vulnerability</p> |
| </li> |
| <li> |
| <p>the availability of patches and/or new releases to address a published |
| vulnerability</p> |
| </li> |
| </ul> |
| <p>The relevant project's <code>users</code> list is the place to ask such questions. The Apache Security Team and any project security |
| team will ignore any such questions you send directly to them.</p> |
| <h2 id="vulnerability-handling">Vulnerability handling<a class="headerlink" href="#vulnerability-handling" title="Permalink">¶</a></h2> |
| <p>An overview of the vulnerability handling process is:</p> |
| <ul> |
| <li> |
| <p>The reporter reports the vulnerability privately to Apache.</p> |
| </li> |
| <li> |
| <p>The appropriate project's security team works privately with the reporter |
| to resolve the vulnerability.</p> |
| </li> |
| <li> |
| <p>The project creates a new release of the package the vulnerability affects to deliver its fix.</p> |
| </li> |
| <li> |
| <p>The project publicly announces the vulnerability and describes how to apply the fix.</p> |
| </li> |
| </ul> |
| <p>Committers should read a <a href="committers.html">more detailed description of the process</a>. Reporters of security vulnerabilities may also find |
| it useful.</p> |
| |
| </div> </main> |
| |
| <!-- Footer --> |
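| <!-- Site footer: repeats the main-menu link groups. Links that open a new tab (target="_blank") carry rel="noopener", so the opened page gets no window.opener reference back to this one. --> |
| <footer class="bg-primary"> |
| <div class="container"> |
| <div class="row"> |
| <br /> |
| <div class="col-sm-2"> |
| <h5 class="white">Community</h5> |
| <ul class="list-unstyled white" role="menu"> |
| <li><a href="https://community.apache.org/" target="_blank" rel="noopener">Contributor Getting Started</a></li> |
| <li><a href="https://community.apache.org/contributors/" target="_blank" rel="noopener">Becoming a Committer</a></li> |
| <li><a href="/foundation/policies/conduct">Code of Conduct</a></li> |
| <li><a href="/community-resources/">Community Resources</a></li> |
| <li><a href="https://communityovercode.org/" target="_blank" rel="noopener">Community Over Code</a></li> |
| <li><a href="https://events.apache.org/" target="_blank" rel="noopener">Events</a></li> |
| <!-- Third-party shop outside apache.org --> |
| <li><a href="https://www.redbubble.com/people/comdev/shop" target="_blank" rel="noopener">Store</a></li> |
| </ul> |
| </div> |
| |
| <div class="col-sm-2"> |
| <h5 class="white">Projects</h5> |
| <ul class="list-unstyled white" role="menu"> |
| <li><a href="/projects">Projects</a></li> |
| <li><a href="https://incubator.apache.org/" target="_blank" rel="noopener">Incubator Projects</a></li> |
| <li><a href="https://projects.apache.org/" target="_blank" rel="noopener">Projects Directory </a></li> |
| <li><a href="/foundation/mailinglists">Mailing Lists </a></li> |
| <li><a href="/security">Report a Vulnerability</a></li> |
| </ul> |
| </div> |
| <div class="col-sm-2"> |
| <h5 class="white">Downloads</h5> |
| <ul class="list-unstyled white" role="menu"> |
| <li><a href="https://downloads.apache.org/" target="_blank" rel="noopener">Distributions</a></li> |
| <li><a href="https://projects.apache.org/releases.html" target="_blank" rel="noopener">Releases</a></li> |
| <li><a href="https://status.apache.org/" target="_blank" rel="noopener">Infrastructure Status</a></li> |
| <li><a href="https://infra-reports.apache.org/#uptime" target="_blank" rel="noopener">Infrastructure Statistics</a></li> |
| </ul> |
| </div> |
| |
| <div class="col-sm-2"> |
| <h5 class="white">Learn</h5> |
| <ul class="list-unstyled white" role="menu"> |
| <li><a href="https://news.apache.org/" target="_blank" rel="noopener">Blog</a></li> |
| <li><a href="/foundation/how-it-works">How the ASF Works</a></li> |
| <li><a href="/theapacheway/">The Apache Way</a></li> |
| <li><a href="/legal/">Legal & Trademark</a></li> |
| <li><a href="/foundation/marks/">Trademark Policy</a></li> |
| <li><a href="/licenses">Licenses</a></li> |
| <li><a href="/foundation/glossary">Glossary</a></li> |
| <li><a href="/foundation/faq">FAQ</a></li> |
| </ul> |
| </div> |
| |
| <div class="col-sm-2"> |
| <h5 class="white">Resources & Tools</h5> |
| <ul class="list-unstyled white" role="menu"> |
| <li><a href="/dev/">Developer Information</a></li> |
| <li><a href="https://cwiki.apache.org/" target="_blank" rel="noopener">Wiki</a></li> |
| <li><a href="https://issues.apache.org/" target="_blank" rel="noopener">Issues</a></li> |
| <li><a href="https://infra.apache.org/slack.html" target="_blank" rel="noopener">Slack</a></li> |
| <li><a href="https://selfserve.apache.org/" target="_blank" rel="noopener">Self Serve Portal</a></li> |
| <li><a href="https://infra.apache.org/" target="_blank" rel="noopener">Infrastructure</a></li> |
| <li><a href="https://whimsy.apache.org/" target="_blank" rel="noopener">Whimsy</a></li> |
| <li><a href="/foundation/press/kit/">Brand Guidelines</a></li> |
| <li><a href="/logos/">Project Logos</a></li> |
| </ul> |
| </div> |
| |
| <div class="col-sm-2"> |
| <h5 class="white">About</h5> |
| <ul class="list-unstyled white" role="menu"> |
| <li><a href="/foundation/">About</a></li> |
| <li><a href="/foundation/sponsors">Our Sponsors</a></li> |
| <li><a href="/foundation/individual-supporters">Individual Supporters</a></li> |
| <li><a href="/foundation/leadership">Leadership</a></li> |
| <li><a href="/foundation/members">Members</a></li> |
| <li><a href="https://diversity.apache.org/" target="_blank" rel="noopener">Diversity & Inclusion</a></li> |
| <li><a href="/press/">Newsroom</a></li> |
| <li><a href="/foundation/contact">Contact</a></li> |
| <li><a href="https://privacy.apache.org/policies/privacy-policy-public.html" target="_blank" rel="noopener">Privacy Policy</a></li> |
| </ul> |
| </div> |
| |
| |
| </div> |
| <hr class="col-lg-12 hr-white" /> |
| <div class="row"> |
| <div class="col-lg-12"> |
| <p class="text-center">Copyright © 2023 The Apache Software Foundation, Licensed under the <a class="white" href="/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> |
| <p class="text-center">Apache and the Apache feather logo are trademarks of The Apache Software Foundation. </p> |
| </div> |
| </div> |
| </div> |
| |
| </footer> |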
| |
| <!-- / Footer --> |
| |
| <script src="/js/jquery.min.js"></script> |
| <script src="/js/bootstrap.js"></script> |
| <script src="/js/slideshow.js"></script> |
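| <script> |
| // Click handler for dropdown toggles nested inside an already-open dropdown menu. |
| // It opens or closes the clicked item's own <li> and closes its sibling items. |
| // NOTE(review): no element in this page's visible markup matches the selector below, |
| // so the handler is presumably kept for pages with nested menus. Confirm before removing. |
| (function($){ |
| $(document).ready(function(){ |
| $('ul.dropdown-menu [data-toggle=dropdown]').on('click', function(event) { |
| // Suppress the link's default action and stop the click from bubbling to ancestor handlers. |
| event.preventDefault(); |
| event.stopPropagation(); |
| $(this).parent().siblings().removeClass('open'); |
| $(this).parent().toggleClass('open'); |
| // The leftover debug console.log call was removed here; it only wrote noise to the console. |
| }); |
| }); |
| })(jQuery); |
| </script> |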
| </body> |
| </html> |