<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="Home page of The Apache Software Foundation">
<link rel="apple-touch-icon" sizes="57x57" href="/favicons/apple-touch-icon-57x57.png">
<link rel="apple-touch-icon" sizes="60x60" href="/favicons/apple-touch-icon-60x60.png">
<link rel="apple-touch-icon" sizes="72x72" href="/favicons/apple-touch-icon-72x72.png">
<link rel="apple-touch-icon" sizes="76x76" href="/favicons/apple-touch-icon-76x76.png">
<link rel="apple-touch-icon" sizes="114x114" href="/favicons/apple-touch-icon-114x114.png">
<link rel="apple-touch-icon" sizes="120x120" href="/favicons/apple-touch-icon-120x120.png">
<link rel="apple-touch-icon" sizes="144x144" href="/favicons/apple-touch-icon-144x144.png">
<link rel="apple-touch-icon" sizes="152x152" href="/favicons/apple-touch-icon-152x152.png">
<link rel="apple-touch-icon" sizes="180x180" href="/favicons/apple-touch-icon-180x180.png">
<link rel="icon" type="image/png" href="/favicons/favicon-32x32.png" sizes="32x32">
<link rel="icon" type="image/png" href="/favicons/favicon-194x194.png" sizes="194x194">
<link rel="icon" type="image/png" href="/favicons/favicon-96x96.png" sizes="96x96">
<link rel="icon" type="image/png" href="/favicons/android-chrome-192x192.png" sizes="192x192">
<link rel="icon" type="image/png" href="/favicons/favicon-16x16.png" sizes="16x16">
<link rel="manifest" href="/favicons/manifest.json">
<link rel="shortcut icon" href="/favicons/favicon.ico">
<meta name="msapplication-TileColor" content="#603cba">
<meta name="msapplication-TileImage" content="/favicons/mstile-144x144.png">
<meta name="msapplication-config" content="/favicons/browserconfig.xml">
<meta name="theme-color" content="#282661">
<title>ASF Security Team</title>
<link href="/css/Montserrat-300-600.css" rel="stylesheet">
<link href="/css/min.bootstrap.css" rel="stylesheet">
<link href="/css/styles.css" rel="stylesheet">
<style>
  /* Permalink anchors stay invisible until the element that holds them is hovered. */
  .headerlink {
    visibility: hidden;
  }

  dt:hover > .headerlink,
  p:hover > .headerlink,
  td:hover > .headerlink,
  h1:hover > .headerlink,
  h2:hover > .headerlink,
  h3:hover > .headerlink,
  h4:hover > .headerlink,
  h5:hover > .headerlink,
  h6:hover > .headerlink {
    visibility: visible;
  }
</style>
<!-- pagefind search -->
<link href="/_pagefind/pagefind-ui.css" rel="stylesheet">
<script src="/_pagefind/pagefind-ui.js" type="text/javascript"></script>
<script>
  // The title literal is compared with '404' below; on this page it is
  // 'ASF Security Team', so the extra 404 search box is not mounted.
  var pageTitle = 'ASF Security Team';

  // Mount the Pagefind search widget into #pagefind-search once the DOM is parsed.
  window.addEventListener('DOMContentLoaded', () => {
    new PagefindUI({ element: "#pagefind-search" });
  });

  if (pageTitle === '404') {
    // The 404 page gets a second search widget, mounted into #page-404-search.
    window.addEventListener('DOMContentLoaded', () => {
      new PagefindUI({ element: "#page-404-search" });
    });
  }
</script>
<!-- https://www.apache.org/licenses/LICENSE-2.0 --> <!-- Matomo -->
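<script>
  var pageTitle = 'ASF Security Team';
  /* Command queue read by matomo.js once it has loaded. */
  var _paq = window._paq = window._paq || [];
  /* Tracker methods like "setCustomDimension" should be called before
     "trackPageView". */
  /* We explicitly disable cookie tracking to avoid privacy issues. */
  _paq.push(['disableCookies']);
  if (pageTitle === '404') {
    /* Track 404 page hits; path, query string and referrer are URL-encoded
       before they are placed in the reported document title. */
    _paq.push(['setDocumentTitle', '404/URL = ' + encodeURIComponent(document.location.pathname + document.location.search) + '/From = ' + encodeURIComponent(document.referrer)]);
  }
  /* NOTE(review): the comment that stood here referred to flink.apache.org and
     nightlies.apache.org/flink, but nothing in this snippet configures those
     domains; it looks copied from another site's template. Confirm and drop. */
  _paq.push(['trackPageView']);
  _paq.push(['enableLinkTracking']);
  (function() {
    /* Explicit https: a protocol-relative URL would fetch the tracker script
       over plain HTTP whenever the page itself is served over HTTP, letting
       an on-path party replace the script. */
    var u = "https://analytics.apache.org/";
    _paq.push(['setTrackerUrl', u + 'matomo.php']);
    _paq.push(['setSiteId', '37']);
    /* Inject matomo.js asynchronously ahead of the first script on the page. */
    var d = document, g = d.createElement('script'),
        s = d.getElementsByTagName('script')[0];
    g.async = true; g.src = u + 'matomo.js'; s.parentNode.insertBefore(g, s);
  })();
</script>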
<!-- End Matomo Code -->
</head>
<body >
<!-- Navigation -->
<header>
<div id="skiptocontent">
<a href="#maincontent">Skip to Main Content</a>
</div>
<nav class="navbar navbar-inverse navbar-fixed-top mainmenu">
<div class="container">
<div class="navbar-header">
<button class="navbar-toggle" type="button" data-toggle="collapse" data-target="#mainnav-collapse">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
</div>
<div class="collapse navbar-collapse" id="mainnav-collapse">
<div class="upper-nav">
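<!-- Social links open in a new tab. rel="noopener" keeps the opened page from
     getting a window.opener handle back to this one; the alt text names the
     destination because each image is the only content of its link. -->
<div class="header-social-icons">
  <a target="_blank" rel="noopener" href="https://infra.apache.org/slack.html"><img src="/images/slack-icon.svg" alt="Slack"></a>
  <a target="_blank" rel="noopener" href="https://github.com/apache"><img src="/images/github-mark-white.svg" alt="GitHub"></a>
  <a target="_blank" rel="noopener" href="https://www.linkedin.com/company/the-apache-software-foundation/"><img src="/images/linkedin-icon.png" alt="LinkedIn"></a>
  <a target="_blank" rel="noopener" href="https://www.youtube.com/c/TheApacheFoundation"><img src="/images/youtube-icon.svg" alt="YouTube"></a>
  <a target="_blank" rel="noopener" href="https://twitter.com/TheASF"><img src="/images/x-icon.svg" alt="X"></a>
</div>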
<!-- Sponsorship call-to-action; the click is queued on the Matomo command array as a trackEvent.
     NOTE(review): the inline onclick handler only runs under a Content-Security-Policy that
     permits inline handlers ('unsafe-inline' or a matching hash); binding it with
     addEventListener from a script file would allow a stricter script-src. -->
<a href="/foundation/sponsorship" class="btn btn-default" onclick="_paq.push(['trackEvent', 'click', 'SponsorASF Button']);">Sponsor the ASF</a>
</div>
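<!-- Primary navigation. Every link that opens a new tab carries rel="noopener"
     so the opened page gets no window.opener handle back to this one. -->
<ul class="nav navbar-nav navbar-justified">
  <li class="dropdown">
    <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button">Community&nbsp;<span class="caret"></span></a>
    <ul class="dropdown-menu" role="menu">
      <li><a href="https://community.apache.org/" target="_blank" rel="noopener">Contributor Getting Started</a></li>
      <li><a href="https://community.apache.org/contributors/" target="_blank" rel="noopener">Becoming a Committer</a></li>
      <li><a href="/foundation/policies/conduct">Code of Conduct</a></li>
      <li><a href="/community-resources/">Community Resources</a></li>
      <li><a href="https://communityovercode.org/" target="_blank" rel="noopener">Community Over Code</a></li>
      <li><a href="https://events.apache.org/" target="_blank" rel="noopener">Events</a></li>
      <li><a href="https://www.redbubble.com/people/comdev/shop" target="_blank" rel="noopener">Store</a></li>
    </ul>
  </li>
  <li class="dropdown">
    <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button">Projects&nbsp;<span class="caret"></span></a>
    <ul class="dropdown-menu" role="menu">
      <li><a href="/projects">Projects</a></li>
      <li><a href="https://incubator.apache.org/" target="_blank" rel="noopener">Incubator Projects</a></li>
      <li><a href="https://projects.apache.org/" target="_blank" rel="noopener">Projects Directory </a></li>
      <li><a href="/foundation/mailinglists">Mailing Lists </a></li>
      <li><a href="/security">Report a Vulnerability</a></li>
    </ul>
  </li>
  <li class="dropdown">
    <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button">Downloads&nbsp;<span class="caret"></span></a>
    <ul class="dropdown-menu" role="menu">
      <li><a href="https://downloads.apache.org/" target="_blank" rel="noopener">Distributions</a></li>
      <li><a href="https://projects.apache.org/releases.html" target="_blank" rel="noopener">Releases</a></li>
      <li><a href="https://status.apache.org/" target="_blank" rel="noopener">Infrastructure Status</a></li>
      <li><a href="https://infra-reports.apache.org/#uptime" target="_blank" rel="noopener">Infrastructure Statistics</a></li>
    </ul>
  </li>
  <li class="dropdown">
    <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button">Learn&nbsp;<span class="caret"></span></a>
    <ul class="dropdown-menu" role="menu">
      <li><a href="https://news.apache.org/" target="_blank" rel="noopener">Blog</a></li>
      <li><a href="/foundation/how-it-works">How the ASF Works</a></li>
      <li><a href="/theapacheway/">The Apache Way</a></li>
      <li><a href="/legal/">Legal &amp; Trademark</a></li>
      <li><a href="/licenses">Licenses</a></li>
      <li><a href="/foundation/glossary">Glossary</a></li>
      <li><a href="/foundation/faq">FAQ</a></li>
    </ul>
  </li>
  <li class="dropdown">
    <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button">Resources &amp; Tools&nbsp;<span class="caret"></span></a>
    <ul class="dropdown-menu" role="menu">
      <li><a href="/dev/">Developer Information</a></li>
      <li><a href="https://cwiki.apache.org/" target="_blank" rel="noopener">Wiki</a></li>
      <li><a href="https://issues.apache.org/" target="_blank" rel="noopener">Issues</a></li>
      <li><a href="https://infra.apache.org/slack.html" target="_blank" rel="noopener">Slack</a></li>
      <li><a href="https://selfserve.apache.org/" target="_blank" rel="noopener">Self Serve Portal</a></li>
      <li><a href="https://infra.apache.org/" target="_blank" rel="noopener">Infrastructure</a></li>
      <li><a href="https://whimsy.apache.org/" target="_blank" rel="noopener">Whimsy</a></li>
      <li><a href="/foundation/press/kit/">Brand Guidelines</a></li>
      <li><a href="/logos/">Project Logos</a></li>
    </ul>
  </li>
  <li class="dropdown">
    <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button">About&nbsp;<span class="caret"></span></a>
    <ul class="dropdown-menu" role="menu">
      <li><a href="/foundation/">About</a></li>
      <li><a href="/foundation/sponsors">Our Sponsors</a></li>
      <li><a href="/foundation/sponsorship">Corporate Sponsorship</a></li>
      <li><a href="/foundation/individual-supporters">Individual Supporters</a></li>
      <li><a href="/foundation/leadership">Leadership</a></li>
      <li><a href="/foundation/members">Members</a></li>
      <!-- Bare "&" escaped so the text is valid HTML. -->
      <li><a href="https://diversity.apache.org/" target="_blank" rel="noopener">Diversity &amp; Inclusion</a></li>
      <li><a href="/press/">Newsroom</a></li>
      <li><a href="/foundation/contact">Contact</a></li>
    </ul>
  </li>
  <!-- Search: the toggle shows only an icon, its accessible name comes from the
       sr-only span; PagefindUI is mounted into #pagefind-search by the inline
       script in <head>. -->
  <li class="dropdown">
    <a href="#" class="dropdown-toggle hidden-xs" data-toggle="dropdown" role="button"><span class="glyphicon glyphicon-search" aria-hidden="true"></span><span class="sr-only">Search</span></a>
    <ul class="dropdown-menu search-form" role="search">
      <li>
        <div id="pagefind-search" class="input-group" style="width: 100%; padding: 0 5px;"></div>
      </li>
    </ul>
  </li>
</ul>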
</div>
</div>
</nav>
</header>
<!-- / Navigation -->
<!-- Page banner: an events promo link, the ASF logo linking to the site root,
     and a centred copy of the logo. -->
<header id="main-header" class="container">
  <div class="sideImg">
    <a class="visible-home" href="https://events.apache.org/x/current-event.html">
      <img class="img-responsive" style="width: 125px;" src="/events/current-event-125x125.png" alt="Apache Events">
      <!-- An earlier ApacheCon 2021 image was marked STALE and is no longer rendered. -->
    </a>
    <a class="hidden-home" href="/"><img class="img-responsive" src="/img/asf-estd-1999-logo.jpg" alt="The Apache Software Foundation"></a>
  </div>
  <div class="main">
    <img class="img-responsive center-block visible-home" src="/img/asf-estd-1999-logo.jpg" alt="Apache 20th Anniversary Logo">
  </div>
</header>
<main id="maincontent">
<div class="container"> <h1 id="asf-security-team">ASF Security Team<a class="headerlink" href="#asf-security-team" title="Permalink">&para;</a></h1>
<p>The Apache Security Team guides Apache projects on security issues
and coordinates the handling of all security vulnerabilities. The team
is a CVE Numbering Authority (CNA) covering all Apache projects and is
the only group able to allocate IDs to Apache Software Foundation project
issues. Advisories are published per project, and may be reviewed via
the <a href="https://security.apache.org/projects/">project advisories</a>.</p>
<h2 id="reporting-a-vulnerability">Reporting a vulnerability<a class="headerlink" href="#reporting-a-vulnerability" title="Permalink">&para;</a></h2>
<p>We strongly encourage you to report potential security vulnerabilities to one of
our private security mailing lists first, before disclosing them in a
public forum.</p>
<p>A <a href="https://security.apache.org/projects/">list of security contacts for Apache projects</a> is
available. If you can't find a project-specific security e-mail address and
you have an undisclosed security vulnerability to report, use
the general security address below.</p>
<p><strong>Only use the security contacts to report undisclosed security vulnerabilities in Apache projects and
manage the process of fixing such vulnerabilities. We cannot accept
regular bug reports or other security-related queries at these addresses.
We will ignore mail sent to these addresses that does not relate to an undisclosed
security problem in an Apache project.</strong></p>
<p><strong>Also note that the security team handles vulnerabilities in Apache projects,
not in the services that the ASF itself runs. Send reports of vulnerabilities in ASF
services to <a href="mailto:root@apache.org">root@apache.org</a>. (This includes issues with apache.org websites.)</strong></p>
<p>The general security mailing list address is:
<a href="mailto:security@apache.org">security@apache.org</a>. This is a private
mailing list.</p>
<p>Please send one plain-text, unencrypted email for each vulnerability you are reporting. We may
ask you to resubmit your report if you send it as an image, movie, HTML, or
PDF attachment when you could just as easily describe it in plain text.</p>
<h2 id="vulnerability-information">Vulnerability Information<a class="headerlink" href="#vulnerability-information" title="Permalink">&para;</a></h2>
<p>You can usually find information on known vulnerabilities for an Apache project on the project's web pages. For convenience, consult the <a href="projects.html">list of
security information pages for Apache projects</a>. If you can't find the information you are looking for on the
project's web site, ask your question on the project's <code>users</code> mailing list. Do <strong>not</strong> ask the security contacts directly about:</p>
<ul>
<li>
<p>how to configure the package securely</p>
</li>
<li>
<p>whether a published vulnerability applies to specific versions of the Apache
packages you are using</p>
</li>
<li>
<p>whether a published vulnerability applies to the configuration of the Apache
packages you are using</p>
</li>
<li>
<p>obtaining further information on a published vulnerability</p>
</li>
<li>
<p>the availability of patches and/or new releases to address a published
vulnerability</p>
</li>
</ul>
<p>The relevant project's <code>users</code> list is the place to ask such questions. The Apache Security Team and any project security
team will ignore any such questions you send directly to them.</p>
<h2 id="vulnerability-handling">Vulnerability handling<a class="headerlink" href="#vulnerability-handling" title="Permalink">&para;</a></h2>
<p>An overview of the vulnerability handling process is:</p>
<ul>
<li>
<p>The reporter reports the vulnerability privately to Apache.</p>
</li>
<li>
<p>The appropriate project's security team works privately with the reporter
to resolve the vulnerability.</p>
</li>
<li>
<p>The project creates a new release of the package the vulnerability affects to deliver its fix.</p>
</li>
<li>
<p>The project publicly announces the vulnerability and describes how to apply the fix.</p>
</li>
</ul>
<p>Committers should read a <a href="committers.html">more detailed description of the process</a>. Reporters of security vulnerabilities may also find
it useful.</p>
<h2 id="discussion">Discussion<a class="headerlink" href="#discussion" title="Permalink">&para;</a></h2>
<p>Committers and Security Researchers are encouraged to join our <a href="https://lists.apache.org/list.html?security-discuss@community.apache.org">community discuss list</a>.</p>
</div> </main>
<!-- Footer -->
<footer class="bg-primary">
<div class="container">
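<!-- Footer link columns. Every link that opens a new tab carries rel="noopener"
     so the opened page gets no window.opener handle back to this one.
     NOTE(review): role="menu" on these static link lists promises menu keyboard
     behaviour that nothing visible in this file provides; consider dropping it
     after checking that no CSS or JS selects on it. -->
<div class="row">
  <br />
  <div class="col-sm-2">
    <h5 class="white">Community</h5>
    <ul class="list-unstyled white" role="menu">
      <li><a href="https://community.apache.org/" target="_blank" rel="noopener">Contributor Getting Started</a></li>
      <li><a href="https://community.apache.org/contributors/" target="_blank" rel="noopener">Becoming a Committer</a></li>
      <li><a href="/foundation/policies/conduct">Code of Conduct</a></li>
      <li><a href="/community-resources/">Community Resources</a></li>
      <li><a href="https://communityovercode.org/" target="_blank" rel="noopener">Community Over Code</a></li>
      <li><a href="https://events.apache.org/" target="_blank" rel="noopener">Events</a></li>
      <li><a href="https://www.redbubble.com/people/comdev/shop" target="_blank" rel="noopener">Store</a></li>
    </ul>
  </div>
  <div class="col-sm-2">
    <h5 class="white">Projects</h5>
    <ul class="list-unstyled white" role="menu">
      <li><a href="/projects">Projects</a></li>
      <li><a href="https://incubator.apache.org/" target="_blank" rel="noopener">Incubator Projects</a></li>
      <li><a href="https://projects.apache.org/" target="_blank" rel="noopener">Projects Directory </a></li>
      <li><a href="/foundation/mailinglists">Mailing Lists </a></li>
      <li><a href="/security">Report a Vulnerability</a></li>
    </ul>
  </div>
  <div class="col-sm-2">
    <h5 class="white">Downloads</h5>
    <ul class="list-unstyled white" role="menu">
      <li><a href="https://downloads.apache.org/" target="_blank" rel="noopener">Distributions</a></li>
      <li><a href="https://projects.apache.org/releases.html" target="_blank" rel="noopener">Releases</a></li>
      <li><a href="https://status.apache.org/" target="_blank" rel="noopener">Infrastructure Status</a></li>
      <li><a href="https://infra-reports.apache.org/#uptime" target="_blank" rel="noopener">Infrastructure Statistics</a></li>
    </ul>
  </div>
  <div class="col-sm-2">
    <h5 class="white">Learn</h5>
    <ul class="list-unstyled white" role="menu">
      <li><a href="https://news.apache.org/" target="_blank" rel="noopener">Blog</a></li>
      <li><a href="/foundation/how-it-works">How the ASF Works</a></li>
      <li><a href="/theapacheway/">The Apache Way</a></li>
      <li><a href="/legal/">Legal &amp; Trademark</a></li>
      <li><a href="/licenses">Licenses</a></li>
      <li><a href="/foundation/glossary">Glossary</a></li>
      <li><a href="/foundation/faq">FAQ</a></li>
    </ul>
  </div>
  <div class="col-sm-2">
    <h5 class="white">Resources &amp; Tools</h5>
    <ul class="list-unstyled white" role="menu">
      <li><a href="/dev/">Developer Information</a></li>
      <li><a href="https://cwiki.apache.org/" target="_blank" rel="noopener">Wiki</a></li>
      <li><a href="https://issues.apache.org/" target="_blank" rel="noopener">Issues</a></li>
      <li><a href="https://infra.apache.org/slack.html" target="_blank" rel="noopener">Slack</a></li>
      <li><a href="https://selfserve.apache.org/" target="_blank" rel="noopener">Self Serve Portal</a></li>
      <li><a href="https://infra.apache.org/" target="_blank" rel="noopener">Infrastructure</a></li>
      <li><a href="https://whimsy.apache.org/" target="_blank" rel="noopener">Whimsy</a></li>
      <li><a href="/foundation/press/kit/">Brand Guidelines</a></li>
      <li><a href="/logos/">Project Logos</a></li>
    </ul>
  </div>
  <div class="col-sm-2">
    <h5 class="white">About</h5>
    <ul class="list-unstyled white" role="menu">
      <li><a href="/foundation/">About</a></li>
      <li><a href="/foundation/sponsors">Our Sponsors</a></li>
      <li><a href="/foundation/sponsorship">Corporate Sponsorship</a></li>
      <li><a href="/foundation/individual-supporters">Individual Supporters</a></li>
      <li><a href="/foundation/leadership">Leadership</a></li>
      <li><a href="/foundation/members">Members</a></li>
      <!-- Bare "&" escaped so the text is valid HTML. -->
      <li><a href="https://diversity.apache.org/" target="_blank" rel="noopener">Diversity &amp; Inclusion</a></li>
      <li><a href="/press/">Newsroom</a></li>
      <li><a href="/foundation/contact">Contact</a></li>
      <li><a href="https://privacy.apache.org/policies/privacy-policy-public.html" target="_blank" rel="noopener">Privacy Policy</a></li>
    </ul>
  </div>
</div>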
<hr class="col-lg-12 hr-white" />
<div class="row">
<div class="col-lg-12">
<p class="text-center">Copyright &#169; 2024 The Apache Software Foundation, Licensed under the <a class="white" href="/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="text-center">Apache and the Apache feather logo are trademarks of The Apache Software Foundation. </p>
</div>
</div>
</div>
</footer>
<!-- / Footer -->
<script src="/js/jquery.min.js"></script>
<script src="/js/bootstrap.js"></script>
<script src="/js/slideshow.js"></script>
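<script>
  // Click handling for dropdown toggles nested inside a .dropdown-menu: the
  // clicked item is opened or closed and its sibling items are closed.
  // NOTE(review): no element in this page's markup matches the selector, so
  // the handler appears to bind to nothing here; confirm it is still needed.
  (function ($) {
    $(function () {
      $('ul.dropdown-menu [data-toggle=dropdown]').on('click', function (event) {
        event.preventDefault();   // suppress the link's default navigation
        event.stopPropagation();  // stop the click from bubbling further
        var item = $(this).parent();
        item.siblings().removeClass('open');
        item.toggleClass('open');
        // Leftover debug output (console.log('WOrked')) removed.
      });
    });
  })(jQuery);
</script>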
</body>
</html>