apache / incubator-heron

Apache Heron (Incubating) is a realtime, distributed, fault-tolerant stream processing engine from Twitter
https://heron.apache.org/
Apache License 2.0
3.65k stars 599 forks

Private reporting of security vulnerability #3862

Closed Sim4n6 closed 1 year ago

Sim4n6 commented 1 year ago

Hi Incubator-heron team,

I may have identified a security vulnerability in the latest source code. Could you please consider enabling the "Private reporting of security vulnerability" feature in GitHub, so I could proceed privately?

Many thanks for considering my request.

Sim4n6 commented 1 year ago

image

joshfischer1108 commented 1 year ago

Thanks for your message, @Sim4n6. Since Heron is an Apache project, we need to follow the Apache process for reporting vulnerabilities.
You can find more detail here: https://www.apache.org/security/

Sim4n6 commented 1 year ago

In sum, I send the report to security@apache.org?

joshfischer1108 commented 1 year ago

Yes, thank you.