This is an automated email from the ASF dual-hosted git repository.
maxyang pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudberry.git
The following commit(s) were added to refs/heads/main by this push:
new 04e8348331 Doc: update the SECURITY.md
04e8348331 is described below
commit 04e8348331905f53b9b43ddd5815395cacc3dc39
Author: Dianjin Wang <[email protected]>
AuthorDate: Thu Dec 12 14:52:56 2024 +0800
Doc: update the SECURITY.md
Update the SECURITY.md to a newer version, which has been published
on the Cloudberry website[1].
[1]: https://cloudberry.apache.org/community/security/.
---
SECURITY.md | 44 +++++++++++++++++++++++++++++++++++++++-----
1 file changed, 39 insertions(+), 5 deletions(-)
diff --git a/SECURITY.md b/SECURITY.md
index 19f7b57b6a..c12a9bab13 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,8 +1,42 @@
# Security Policy
-The Apache Cloudberry (Incubating) project follows the standard processes as
-set out by the [ASF security team](https://www.apache.org/security/).
+The Apache Security Team handles all security issues across Apache projects and
+coordinates the response to vulnerabilities. For details on the vulnerability
+handling process, supported versions, and what is considered a security issue,
+visit: https://www.apache.org/security/.
-Please report any security issues to
-[[email protected]](mailto:[email protected]) or to
-[[email protected]](mailto:[email protected]).
+## Do not
+
+For better collaboration, we hope you:
+
+- DO NOT report non-security-impacting bugs through this channel. If you have
+ any questions on using, development, please use [GitHub
+ Issues](https://github.com/apache/cloudberry/issues),
+ [Discussions](https://github.com/apache/cloudberry/discussions), [Dev mailing
+ list](https://cloudberry.apache.org/community/mailing-lists) or
+ [Slack](https://inviter.co/apache-cloudberry) instead.
+- DO NOT report security issues on public GitHub Issues, Jira tickets, mailing
+ lists, or other public forums.
+
+## Reporting Security Issues
+
+Send your report to: [[email protected]](mailto:[email protected]).
+
+Please send one plain-text email per vulnerability with the following and
+additional information as necessary (as much as you can provide):
+
+- Description of the vulnerability
+- Steps to reproduce
+- Affected versions
+- Potential impact
+- Any known mitigations
+- (Optional) Suggested fix
+
+## Public Discussion
+
+For general security questions or discussions, please use the development
+mailing list: [[email protected]](mailto:[email protected])
+
+## Preferred Languages
+
+We prefer all communications to be in English.
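Review bot: The "Public Discussion" section at the end of this hunk points readers to the development mailing list for "general security questions", while the "Do not" list above forbids reporting security issues on mailing lists; the two read as conflicting unless the text says outright that the dev list is public and that undisclosed vulnerability details belong only with the private address under "Reporting Security Issues". Consider adding one sentence to that effect under "Public Discussion". The "Reporting Security Issues" section could also come before "Do not", so a reporter sees the contact address first. Two wording points in the "Do not" block: "we hope you:" followed by bullets that start with "DO NOT" reads awkwardly, and "any questions on using, development" looks incomplete ("questions about usage or development" would do). The new text also asks for a plain-text email but says nothing about what acknowledgement a reporter should expect; if that is covered by the linked ASF page, a short pointer saying so would help.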