
The Apache Security Team guides Apache projects on security issues and coordinates the handling of all security vulnerabilities. The team is a CVE Numbering Authority (CNA) covering all Apache projects and is the only group able to allocate CVE IDs to Apache Software Foundation project issues. Advisories are published per project, and may be reviewed via the project advisories.
We strongly encourage you to report potential security vulnerabilities to one of our private security mailing lists first, before disclosing them in a public forum.
A list of security contacts for Apache projects is available. If you can't find a project-specific security e-mail address and you have an undisclosed security vulnerability to report, use the general security address below.
Only use the security contacts to report undisclosed security vulnerabilities in Apache projects and manage the process of fixing such vulnerabilities. We cannot accept regular bug reports or other security-related queries at these addresses. We will ignore mail sent to these addresses that does not relate to an undisclosed security problem in an Apache project.
Also note that the security team handles vulnerabilities in Apache projects, not in running ASF services. Send reports of vulnerabilities in ASF services to root@apache.org. (This includes issues with apache.org websites.)
The general security mailing list address is: security@apache.org. This is a private mailing list.
Please send one plain-text, unencrypted, email for each vulnerability you are reporting. We may ask you to resubmit your report if you send it as an image, movie, HTML, or PDF attachment when you could as easily describe it with plain text.
These are things that we are well aware of, and have been reported to us many times, but we do not class as a security vulnerability. Please do not report them.
Issues not classed as security relevant:
You can usually find information on known vulnerabilities for an Apache project on the project's web pages. For convenience, consult the list of security information pages for Apache projects. If you can't find the information you are looking for on the project's web site, ask your question on the project's users mailing list. Do not ask the security contacts directly about:
how to configure the package securely
whether a published vulnerability applies to specific versions of the Apache packages you are using
whether a published vulnerability applies to the configuration of the Apache packages you are using
obtaining further information on a published vulnerability
the availability of patches and/or new releases to address a published vulnerability
The relevant project's users list is the place to ask such questions. The Apache Security Team and any project security team will ignore any such questions you send directly to them.
An overview of the vulnerability handling process is:
The reporter reports the vulnerability privately to Apache.
The appropriate project's security team works privately with the reporter to resolve the vulnerability.
The project creates a new release of the package the vulnerability affects to deliver its fix.
The project publicly announces the vulnerability and describes how to apply the fix.
Committers should read a more detailed description of the process. Reporters of security vulnerabilities may also find it useful.
Committers and Security Researchers are encouraged to join our community discuss list.