Google Git
Sign in
apache / www-site / refs/heads/asf-site / . / output / security / committers.html
blob: 14f422fefda1268b6baa9d894997e15a4fe52333 [file] [log] [blame]
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="Home page of The Apache Software Foundation">
<link rel="apple-touch-icon" sizes="57x57" href="/favicons/apple-touch-icon-57x57.png">
<link rel="apple-touch-icon" sizes="60x60" href="/favicons/apple-touch-icon-60x60.png">
<link rel="apple-touch-icon" sizes="72x72" href="/favicons/apple-touch-icon-72x72.png">
<link rel="apple-touch-icon" sizes="76x76" href="/favicons/apple-touch-icon-76x76.png">
<link rel="apple-touch-icon" sizes="114x114" href="/favicons/apple-touch-icon-114x114.png">
<link rel="apple-touch-icon" sizes="120x120" href="/favicons/apple-touch-icon-120x120.png">
<link rel="apple-touch-icon" sizes="144x144" href="/favicons/apple-touch-icon-144x144.png">
<link rel="apple-touch-icon" sizes="152x152" href="/favicons/apple-touch-icon-152x152.png">
<link rel="apple-touch-icon" sizes="180x180" href="/favicons/apple-touch-icon-180x180.png">
<link rel="icon" type="image/png" href="/favicons/favicon-32x32.png" sizes="32x32">
<link rel="icon" type="image/png" href="/favicons/favicon-194x194.png" sizes="194x194">
<link rel="icon" type="image/png" href="/favicons/favicon-96x96.png" sizes="96x96">
<link rel="icon" type="image/png" href="/favicons/android-chrome-192x192.png" sizes="192x192">
<link rel="icon" type="image/png" href="/favicons/favicon-16x16.png" sizes="16x16">
<link rel="manifest" href="/favicons/manifest.json">
<link rel="shortcut icon" href="/favicons/favicon.ico">
<meta name="msapplication-TileColor" content="#603cba">
<meta name="msapplication-TileImage" content="/favicons/mstile-144x144.png">
<meta name="msapplication-config" content="/favicons/browserconfig.xml">
<meta name="theme-color" content="#282661">
<title>ASF Project Security for Committers</title>
<link href="/css/Montserrat-300-600.css" rel="stylesheet">
<link href="/css/min.bootstrap.css" rel="stylesheet">
<link href="/css/styles.css" rel="stylesheet">
<link href="/css/new-ui.css" rel="stylesheet">
<style>
.headerlink {
visibility: hidden;
}
dt:hover > .headerlink, p:hover > .headerlink, td:hover > .headerlink, h1:hover > .headerlink, h2:hover > .headerlink, h3:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, h6:hover > .headerlink {
visibility: visible
} </style>
<!-- pagefind search -->
<link href="/_pagefind/pagefind-ui.css" rel="stylesheet">
<script src="/_pagefind/pagefind-ui.js" type="text/javascript"></script>
<script>
window.addEventListener('DOMContentLoaded', (event) => {
new PagefindUI({ element: "#pagefind-search" });
});
var pageTitle = 'ASF Project Security for Committers';
if(pageTitle === '404'){
window.addEventListener('DOMContentLoaded', (event) => {
new PagefindUI({ element: "#page-404-search" });
});
}
</script>
<!-- https://www.apache.org/licenses/LICENSE-2.0 --> <!-- Matomo -->
<script>
var pageTitle = 'ASF Project Security for Committers';
var _paq = window._paq = window._paq || [];
/* tracker methods like "setCustomDimension" should be called before
"trackPageView" */
/* We explicitly disable cookie tracking to avoid privacy issues */
_paq.push(['disableCookies']);
if(pageTitle === '404'){
/* Track 404 page hits */
_paq.push(['setDocumentTitle', '404/URL = ' + encodeURIComponent(document.location.pathname+document.location.search) + '/From = ' + encodeURIComponent(document.referrer)]);
}
/* Measure a visit to flink.apache.org and nightlies.apache.org/flink
as the same visit */
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function() {
var u="//analytics.apache.org/";
_paq.push(['setTrackerUrl', u+'matomo.php']);
_paq.push(['setSiteId', '37']);
var d=document, g=d.createElement('script'),
s=d.getElementsByTagName('script')[0];
g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
})();
</script>
<!-- End Matomo Code -->
</head>
<body >
<!-- Navigation -->
<header>
<div id="skiptocontent">
<a href="#maincontent">Skip to Main Content</a>
</div>
<nav class="navbar navbar-inverse navbar-fixed-top mainmenu">
<div class="container">
<div class="navbar-header">
<button class="navbar-toggle" type="button" data-toggle="collapse" data-target="#mainnav-collapse">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
</div>
<div class="collapse navbar-collapse" id="mainnav-collapse">
<div class="upper-nav">
<div class="header-social-icons">
<a target="_blank" href="https://infra.apache.org/slack.html"><img src="/images/slack-icon.svg" alt="slack icon"></a>
<a target="_blank" href="https://github.com/apache"><img src="/images/github-mark-white.svg" alt="github icon"></a>
<a target="_blank" href="https://www.linkedin.com/company/the-apache-software-foundation/"><img src="/images/linkedin-icon.png" alt="linkedIn icon"></a>
<a target="_blank" href="https://www.youtube.com/c/TheApacheFoundation"><img src="/images/youtube-icon.svg" alt="youtube icon"></a>
<a target="_blank" href="https://twitter.com/TheASF"><img src="/images/x-icon.svg" alt="X icon"></a>
</div>
<a href="/foundation/sponsorship" class="btn btn-default" onclick="_paq.push(['trackEvent', 'click', 'SponsorASF Button']);">Sponsor the ASF</a>
</div>
<ul class="nav navbar-nav navbar-justified n-navbar-padding">
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button">Community&nbsp;<span class="caret"></span></a>
<ul class="dropdown-menu" role="menu">
<li><a href="https://community.apache.org/" target="_blank">Contributor Getting Started</a></li>
<li><a href="https://community.apache.org/contributors/" target="_blank">Becoming a Committer</a></li>
<li><a href="/foundation/policies/conduct">Code of Conduct</a></li>
<li><a href="/community-resources/">Community Resources</a></li>
<li><a href="https://communityovercode.org/" target="_blank">Community Over Code</a></li>
<li><a href="https://events.apache.org/" target="_blank">Events</a></li>
<li><a href="https://www.redbubble.com/people/comdev/shop" target="_blank">Store</a></li>
</ul>
</li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button">Projects&nbsp;<span class="caret"></span></a>
<ul class="dropdown-menu" role="menu">
<li><a href="/projects">Projects</a></li>
<li><a href="https://incubator.apache.org/" target="_blank">Incubator Projects</a></li>
<li><a href="https://projects.apache.org/" target="_blank">Projects Directory </a></li>
<li><a href="/foundation/mailinglists">Mailing Lists </a></li>
<li><a href="/security">Report a Vulnerability</a></li>
</ul>
</li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button">Downloads&nbsp;<span class="caret"></span></a>
<ul class="dropdown-menu" role="menu">
<li><a href="https://downloads.apache.org/" target="_blank">Distributions</a></li>
<li><a href="https://projects.apache.org/releases.html" target="_blank">Releases</a></li>
<li><a href="https://status.apache.org/" target="_blank">Infrastructure Status</a></li>
<li><a href="https://infra-reports.apache.org/#uptime" target="_blank">Infrastructure Statistics</a></li>
</ul>
</li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button">Learn&nbsp;<span class="caret"></span></a>
<ul class="dropdown-menu" role="menu">
<li><a href="https://news.apache.org/" target="_blank">Blog</a></li>
<li><a href="/foundation/how-it-works">How the ASF Works</a></li>
<li><a href="/theapacheway/">The Apache Way</a></li>
<li><a href="/legal/">Legal &amp; Trademark</a></li>
<li><a href="/licenses">Licenses</a></li>
<li><a href="/foundation/glossary">Glossary</a></li>
<li><a href="/foundation/faq">FAQ</a></li>
</ul>
</li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button">Resources &amp; Tools&nbsp;<span class="caret"></span></a>
<ul class="dropdown-menu" role="menu">
<li><a href="/dev/">Developer Information</a></li>
<li><a href="https://cwiki.apache.org/" target="_blank" >Wiki</a></li>
<li><a href="https://issues.apache.org/" target="_blank" >Issues</a></li>
<li><a href="https://infra.apache.org/slack.html" target="_blank" >Slack</a></li>
<li><a href="https://selfserve.apache.org/" target="_blank" >Self Serve Portal</a></li>
<li><a href="https://infra.apache.org/" target="_blank" >Infrastructure</a></li>
<li><a href="https://whimsy.apache.org/" target="_blank" >Whimsy</a></li>
<li><a href="/foundation/press/kit/">Brand Guidelines</a></li>
<li><a href="/logos/">Project Logos</a></li>
</ul>
</li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button">About&nbsp;<span class="caret"></span></a>
<ul class="dropdown-menu" role="menu">
<li><a href="/foundation/">About</a></li>
<li><a href="/foundation/sponsors">Our Sponsors</a></li>
<li><a href="/foundation/sponsorship">Corporate Sponsorship</a></li>
<li><a href="/foundation/individual-supporters">Individual Supporters</a></li>
<li><a href="/foundation/leadership">Leadership</a></li>
<li><a href="/foundation/members">Members</a></li>
<li><a href="https://diversity.apache.org/" target="_blank">Diversity & Inclusion</a></li>
<li><a href="/press/">Newsroom</a></li>
<li><a href="/foundation/contact">Contact</a></li>
</ul>
</li>
<li class="dropdown">
<a href="#" class="dropdown-toggle hidden-xs" data-toggle="dropdown" role="button"><span class="glyphicon glyphicon-search"
aria-hidden="true"></span><span class="sr-only">Search</span></a>
<ul class="dropdown-menu search-form" role="search">
<li>
<div id="pagefind-search" class="input-group" style="width: 100%; padding: 0 5px;"></div>
</li>
</ul>
</li>
</ul>
</div>
</div>
</nav>
</header>
<!-- / Navigation -->
<header id="main-header" class="container">
<div class="sideImg">
<a class="visible-home" href="https://events.apache.org/x/current-event.html">
<img class="img-responsive" style="width: 125px;" src="/events/current-event-125x125.png" alt="Apache Events"/>
<!-- STALE: <img class="img-responsive" style="width: 125px;" src="https://www.apachecon.com/event-images/default-square-light.png" alt="ApacheCon 2021 Coming Soon!" /> -->
</a>
<a class="hidden-home" href="/"><img class="img-responsive" src="/img/asf-estd-1999-logo.jpg" alt="The Apache Software Foundation"></a>
</div>
<div class="main">
<img class="img-responsive center-block visible-home" src="/img/asf-estd-1999-logo.jpg" alt="Apache 20th Anniversary Logo">
</div>
</header>
<main id="maincontent">
<div class="container"> <h1 id="asf-project-security-for-committers">ASF Project Security for Committers<a class="headerlink" href="#asf-project-security-for-committers" title="Permalink">&para;</a></h1>
<h2 id="introduction">Introduction<a class="headerlink" href="#introduction" title="Permalink">&para;</a></h2>
<p>Here is guidance for Apache committers on how to handle
security vulnerabilities. The <a href="mailto:security@apache.org">Apache Security
Team</a> is available to provide help and advice
to Apache projects that require it.</p>
<ul>
<li><a href="#known">Known vulnerabilities</a></li>
<li><a href="#lists">Project-specific security mailing lists</a></li>
<li><a href="#possible">Handling a possible vulnerability</a></li>
<li><a href="#ids">CVE IDs</a></li>
</ul>
<h2 id="known">Known vulnerabilities<a class="headerlink" href="#known" title="Permanent link">&para;</a></h2>
<p>Projects with known, published vulnerabilities should provide information
about those vulnerabilities on pages such as the
<a href="https://httpd.apache.org/security_report.html">httpd security pages</a>. Provide a clear link on the project's home page to the
security information.</p>
<p>Do not enter details of security vulnerabilities in a project's public bug
tracker unless the necessary configuration is in place to limit access to
the issue to only the reporter and the project team.</p>
<h2 id="lists">Project-specific security mailing lists<a class="headerlink" href="#lists" title="Permanent link">&para;</a></h2>
<p>Projects may wish to create a <a href="https://security.apache.org/projects/">project-specific security mailing list</a>.
These take the name in the form <code>security@project.apache.org</code>, like
<code>security@tomcat.apache.org</code>.</p>
<p>When the infrastructure team creates project-specific security mailing lists, they configure them to copy
all messages to <code>security@apache.org</code> automatically, so you do not have to
cc <code>security@apache.org</code> when sending mail to such a list.</p>
<p>We expect that a subset of project PMC members and committers will
subscribe to the project-specific security mailing list. Do not use the list as a third-party notification system; non-committers should not
be subscribed to the list.</p>
<h2 id="possible">Handling a possible vulnerability<a class="headerlink" href="#possible" title="Permanent link">&para;</a></h2>
<p>Here is the default process for handling a possible security vulnerability.
Projects that need a different process <strong>must</strong> contact <a href="mailto:security@apache.org">security@apache.org</a> for advice,
and should expect to clearly and publicly document their process.</p>
<h3 id="work-in-private">Work in private<a class="headerlink" href="#work-in-private" title="Permalink">&para;</a></h3>
<p>Do <strong>not</strong> make information about the vulnerability public until it is formally announced at the end of this process. That means, for example, that you should <strong>not</strong> create a public Jira ticket to track the issue, or a public GitHub issue, since those would make the issue public.
Messages associated with any commits should <strong>not</strong> make any reference to the
security nature of the commit.</p>
<h3 id="report">Report<a class="headerlink" href="#report" title="Permalink">&para;</a></h3>
<ol>
<li>
<p>The person discovering the issue, the <em>reporter</em>, identifies the mailing list to report to.
If the project the issue relates to has a security@<em>[project]</em>.apache.org mailing list listed on
<a href="https://security.apache.org/projects/">security projects list</a>, use that mailing list. Otherwise, use <code>security@apache.org</code>.</p>
</li>
<li>
<p>Note that the Security teams will ignore all messages that do not relate to reporting or managing an
undisclosed security vulnerability in Apache software.</p>
</li>
<li>
<p>If the report comes to <code>security@apache.org</code>, the security team forwards
it to the project's security list or, if the project does not
have a security list, to the project's private (PMC) mailing list.
The Security Team responds to the original reporter that they have done this.</p>
</li>
</ol>
<p>If the project does not have a dedicated <code>security@project.apache.org</code>
mailing list, all further communication regarding the vulnerability should be copied to <code>security@apache.org</code>.
There is no need to do this for messages sent to <code>security@project.apache.org</code> since these are automatically copied to <code>security@apache.org</code>.</p>
<h3 id="acknowledge">Acknowledge<a class="headerlink" href="#acknowledge" title="Permalink">&para;</a></h3>
<ol start="4">
<li>
<p>The project team sends an e-mail to the original reporter to acknowledge the report, with a copy to the relevant security mailing list.</p>
</li>
<li>
<p>The project team investigates the report and either rejects or accepts it. Project team members may share information about the vulnerability
with domain experts (including colleagues at their employer) at the discretion of the project's security team, providing that they make clear
that the information is not for public disclosure.</p>
</li>
<li>
<p>If the project team <strong>rejects</strong> the report, the team writes to the reporter to
explain why, with a copy to the relevant security mailing list.</p>
</li>
<li>
<p>If the project team <strong>accepts</strong> the report, the team writes to the reporter to let them
know that they have accepted the report and that they are working on a fix.</p>
</li>
<li>
<p>The project team requests a CVE (<a href="https://cve.mitre.org/" target="_blank">Common Vulnerabilities and Exposures</a>) ID from the internal portal, <code>https://cveprocess.apache.org</code>; or by
sending an e-mail with the subject "CVE request for..." to <code>security@apache.org</code>, providing a
short (one-line) description of the vulnerability. <code>security@apache.org</code> can
help determine if a report requires multiple CVE IDs or if multiple reports
should be merged under a single CVE ID.</p>
</li>
<li>
<p>The ASF security team allocates a CVE ID and sends to the project team a link to the
internal portal where it can enter details of the
vulnerability.</p>
</li>
</ol>
<h3 id="resolve">Resolve<a class="headerlink" href="#resolve" title="Permalink">&para;</a></h3>
<ol start="10">
<li>
<p>The project team agrees on a fix on their private list.</p>
</li>
<li>
<p>The project team documents the details of the vulnerability and the fix on the
internal portal. The portal generates draft announcement texts. For
an example of an announcement see <a href="https://lists.apache.org/thread/smbdmck5m48rbh6tw9bbfszf64oh591y">Tomcat's announcement of
CVE-2008-2370</a>. The
level of detail to include in the report is a matter of
judgement. Generally, reports should contain enough information to
enable people to assess the risk the vulnerability poses for
their own system, and no more. Announcements do not normally include steps to reproduce the vulnerability.</p>
<p>Optionally, you can put the CVE into the <code>REVIEW</code> state to request a
review from the Security team. You can discuss the disclosure
using the 'comment' feature, which also sends the comments to the
relevant private mailing list(s).</p>
</li>
<li>
<p>The project team provides the reporter with a copy of the fix and the
draft vulnerability announcement for comment.</p>
</li>
<li>
<p>The project team agrees on the fix, the announcement, and the
release schedule with the reporter. If the reporter is unresponsive
in a reasonable timeframe this should not block the project team from
moving to the next steps, particularly if an issue is of high severity
or impact.</p>
</li>
<li>
<p>The project team commits the fix. Do <strong>not</strong> make any reference that the commit relates to a security vulnerability.</p>
</li>
<li>
<p>The project team creates a release that includes the fix.</p>
</li>
</ol>
<h3 id="announce">Announce<a class="headerlink" href="#announce" title="Permalink">&para;</a></h3>
<ol start="16">
<li>
<p>After (or at the same time as) the release announcement, the project team announces the vulnerability and the fix.
Set the CVE status to <code>READY</code> in the <a href="https://cveprocess.apache.org">internal portal</a>. You can then use the portal to send the emails.
The vulnerability announcement should be sent to the following destinations:</p>
<p>a. the same destinations as the release announcement</p>
<p>b. the vulnerability reporter</p>
<p>c. the project's security list (or <code>security@apache.org</code> if the project does
not have a dedicated security list)</p>
<p>d. <code>oss-security@lists.openwall.com</code> (<a href="https://oss-security.openwall.org/wiki/mailing-lists">subscription not required</a>).</p>
</li>
</ol>
<p>This is the first point that any information regarding the vulnerability is made public.</p>
<h3 id="complete">Complete<a class="headerlink" href="#complete" title="Permalink">&para;</a></h3>
<ol start="17">
<li>
<p>The project team updates the project's security pages.</p>
</li>
<li>
<p>Add the link to the public announcement on the mailinglist as a 'reference' in the CVE.
This notifies the security team, which will submit the information to the CVE project.</p>
</li>
<li>
<p>If the project repository is in Subversion, add the CVE ID to the log for the commit that applied the fix. Do <strong>not</strong> try to do this if your project uses a Git repository, as editing a pushed commit causes all sorts of problems.</p>
</li>
</ol>
<h2 id="ids">CVE IDs<a class="headerlink" href="#ids" title="Permanent link">&para;</a></h2>
<p><a href="https://cve.org/">CVE</a>
IDs are unique identifiers given to security vulnerabilities. The Apache
Security Team is a <a href="https://www.cve.org/ProgramOrganization/CNAs">CVE Numbering Authority (CNA)</a> covering all Apache projects and is the only
group able to allocate IDs to Apache Software Foundation project issues.</p>
<p>If you believe the details of an issue are described
incorrectly, contact <code>security@apache.org</code>.</p>
</div> </main>
<!-- Footer -->
<footer class="bg-primary">
<div class="container">
<div class="row">
<br />
<div class="col-sm-2">
<h5 class="white">Community</h5>
<ul class="list-unstyled white" role="menu">
<li><a href="https://community.apache.org/" target="_blank">Contributor Getting Started</a></li>
<li><a href="https://community.apache.org/contributors/" target="_blank">Becoming a Committer</a></li>
<li><a href="/foundation/policies/conduct">Code of Conduct</a></li>
<li><a href="/community-resources/">Community Resources</a></li>
<li><a href="https://communityovercode.org/" target="_blank">Community Over Code</a></li>
<li><a href="https://events.apache.org/" target="_blank">Events</a></li>
<li><a href="https://www.redbubble.com/people/comdev/shop" target="_blank">Store</a></li>
</ul>
</div>
<div class="col-sm-2">
<h5 class="white">Projects</h5>
<ul class="list-unstyled white" role="menu">
<li><a href="/projects">Projects</a></li>
<li><a href="https://incubator.apache.org/" target="_blank">Incubator Projects</a></li>
<li><a href="https://projects.apache.org/" target="_blank">Projects Directory </a></li>
<li><a href="/foundation/mailinglists">Mailing Lists </a></li>
<li><a href="/security">Report a Vulnerability</a></li>
</ul>
</div>
<div class="col-sm-2">
<h5 class="white">Downloads</h5>
<ul class="list-unstyled white" role="menu">
<li><a href="https://downloads.apache.org/" target="_blank">Distributions</a></li>
<li><a href="https://projects.apache.org/releases.html" target="_blank">Releases</a></li>
<li><a href="https://status.apache.org/" target="_blank">Infrastructure Status</a></li>
<li><a href="https://infra-reports.apache.org/#uptime" target="_blank">Infrastructure Statistics</a></li>
</ul>
</div>
<div class="col-sm-2">
<h5 class="white">Learn</h5>
<ul class="list-unstyled white" role="menu">
<li><a href="https://news.apache.org/" target="_blank">Blog</a></li>
<li><a href="/foundation/how-it-works">How the ASF Works</a></li>
<li><a href="/theapacheway/">The Apache Way</a></li>
<li><a href="/legal/">Legal &amp; Trademark</a></li>
<li><a href="/licenses">Licenses</a></li>
<li><a href="/foundation/glossary">Glossary</a></li>
<li><a href="/foundation/faq">FAQ</a></li>
</ul>
</div>
<div class="col-sm-2">
<h5 class="white">Resources &amp; Tools</h5>
<ul class="list-unstyled white" role="menu">
<li><a href="/dev/">Developer Information</a></li>
<li><a href="https://cwiki.apache.org/" target="_blank" >Wiki</a></li>
<li><a href="https://issues.apache.org/" target="_blank" >Issues</a></li>
<li><a href="https://infra.apache.org/slack.html" target="_blank" >Slack</a></li>
<li><a href="https://selfserve.apache.org/" target="_blank" >Self Serve Portal</a></li>
<li><a href="https://infra.apache.org/" target="_blank" >Infrastructure</a></li>
<li><a href="https://whimsy.apache.org/" target="_blank" >Whimsy</a></li>
<li><a href="/foundation/press/kit/">Brand Guidelines</a></li>
<li><a href="/logos/">Project Logos</a></li>
</ul>
</div>
<div class="col-sm-2">
<h5 class="white">About</h5>
<ul class="list-unstyled white" role="menu">
<li><a href="/foundation/">About</a></li>
<li><a href="/foundation/sponsors">Our Sponsors</a></li>
<li><a href="/foundation/sponsorship">Corporate Sponsorship</a></li>
<li><a href="/foundation/individual-supporters">Individual Supporters</a></li>
<li><a href="/foundation/leadership">Leadership</a></li>
<li><a href="/foundation/members">Members</a></li>
<li><a href="https://diversity.apache.org/" target="_blank">Diversity & Inclusion</a></li>
<li><a href="/press/">Newsroom</a></li>
<li><a href="/foundation/contact">Contact</a></li>
<li><a href="https://privacy.apache.org/policies/privacy-policy-public.html" target="_blank">Privacy Policy</a></li>
</ul>
</div>
</div>
<hr class="col-lg-12 hr-white" />
<div class="row">
<div class="col-lg-12">
<p class="text-center">Copyright &#169; 2024 The Apache Software Foundation, Licensed under the <a class="white" href="/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="text-center">Apache and the Apache feather logo are trademarks of The Apache Software Foundation. </p>
</div>
</div>
</div>
</footer>
<!-- / Footer -->
<script src="/js/jquery.min.js"></script>
<script src="/js/bootstrap.js"></script>
<script src="/js/slideshow.js"></script>
<script src="/js/new-ui.js"></script>
<script>
(function($){
$(document).ready(function(){
$('ul.dropdown-menu [data-toggle=dropdown]').on('click', function(event) {
event.preventDefault();
event.stopPropagation();
$(this).parent().siblings().removeClass('open');
$(this).parent().toggleClass('open');
console.log('WOrked');
});
});
})(jQuery);
</script>
</body>
</html>