forked from apache/airflow
[AIRFLOW-XXX] Add .github/SECURITY.md (apache#5329)
This commit adds a .github/SECURITY.md file that defines the contents of the "Policy" tab in the new "Security" section of the GitHub interface. Currently the Policy tab obtains its content from the docs/security.rst file, which contains technical, non-policy related information. This commit retains the "Reporting Vulnerabilities" section of docs/security.rst, which is relevant, and strips the extraneous content.
Showing 2 changed files with 27 additions and 24 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
Reporting Vulnerabilities | ||
------------------------- | ||
|
||
**⚠️ Please do not file Jira issues for security vulnerabilities as they are public! ⚠️** | ||
|
||
The Apache Software Foundation takes security issues very seriously. Apache | ||
Airflow specifically offers security features and is responsive to issues | ||
around its features. If you have any concern around Airflow Security or believe | ||
you have uncovered a vulnerability, we suggest that you get in touch via the | ||
e-mail address [email protected]. In the message, try to provide a | ||
description of the issue and ideally a way of reproducing it. The security team | ||
will get back to you after assessing the description. | ||
|
||
Note that this security address should be used only for undisclosed | ||
vulnerabilities. Dealing with fixed issues or general questions on how to use | ||
the security features should be handled regularly via the user and the dev | ||
lists. Please report any security problems to the project security address | ||
before disclosing it publicly. | ||
|
||
The `ASF Security team's page <https://www.apache.org/security/>`_ describes | ||
how vulnerability reports are handled, and includes PGP keys if you wish to use | ||
that. |
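Review bot: The link in the last paragraph, `ASF Security team's page <https://www.apache.org/security/>`_, is reStructuredText syntax, but the commit message names this file .github/SECURITY.md. Rendered as Markdown, that line becomes an inline code span followed by a stray underscore rather than a link, while the dashed heading underline and the bold warning happen to work in both formats. Either give the file an .rst extension so the name matches the markup and the include added in docs/security.rst, or convert the link to Markdown and accept that the file can no longer be included from the Sphinx docs as is. Since the text is being moved anyway, "report any security problems ... before disclosing it publicly" and "includes PGP keys if you wish to use that" could be fixed for number agreement in the same change.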
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -18,6 +18,11 @@ | |
Security | ||
======== | ||
|
||
.. include:: ../.github/SECURITY.rst | ||
|
||
Web Authentication | ||
------------------ | ||
|
||
By default, Airflow requires users to specify a password prior to login. You can use the | ||
following CLI commands to create an account: | ||
|
||
|
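Review bot: The include directive points at ../.github/SECURITY.rst, while the commit message says the file being added is .github/SECURITY.md; if the two names differ, the include cannot be resolved, Sphinx reports an error on this line, and the "Reporting Vulnerabilities" section goes missing from the built page, so one of the two needs correcting. The path is resolved relative to the including document and reaches outside the docs directory, so a docs build from a source bundle that omits .github/ would hit the same error; a short comment above the directive noting that dependency would help whoever packages the docs.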
@@ -38,30 +43,6 @@ Be sure to checkout :doc:`api` for securing the API. | |
environment variables) as ``%%``, otherwise Airflow might leak these | ||
passwords on a config parser exception to a log. | ||
|
||
Reporting Vulnerabilities | ||
------------------------- | ||
|
||
The Apache Software Foundation takes security issues very seriously. Apache | ||
Airflow specifically offers security features and is responsive to issues | ||
around its features. If you have any concern around Airflow Security or believe | ||
you have uncovered a vulnerability, we suggest that you get in touch via the | ||
e-mail address [email protected]. In the message, try to provide a | ||
description of the issue and ideally a way of reproducing it. The security team | ||
will get back to you after assessing the description. | ||
|
||
Note that this security address should be used only for undisclosed | ||
vulnerabilities. Dealing with fixed issues or general questions on how to use | ||
the security features should be handled regularly via the user and the dev | ||
lists. Please report any security problems to the project security address | ||
before disclosing it publicly. | ||
|
||
The `ASF Security team's page <https://www.apache.org/security/>`_ describes | ||
how vulnerability reports are handled, and includes PGP keys if you wish to use | ||
that. | ||
|
||
Web Authentication | ||
------------------ | ||
|
||
Password | ||
'''''''' | ||
|
||
|
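Review bot: Dropping the "Web Authentication" heading at the end of this hunk, together with re-adding it near the top of the file, changes which section the context lines above belong to: the note about escaping passwords as ``%%`` and the pointer to :doc:`api` used to sit in the introductory text under "Security" and now fall inside "Web Authentication". Those notes concern configuration secrets and API access rather than web login, so confirm the new nesting is intended, or keep the heading directly above "Password" and leave the introduction unsectioned. The removed "Reporting Vulnerabilities" text matches the new file apart from the added Jira warning, so nothing is lost as long as the include resolves.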