bneradt commented on code in PR #12328: URL: https://github.com/apache/trafficserver/pull/12328#discussion_r2178554113
########## SECURITY.md: ########## @@ -0,0 +1,22 @@ +# Security Policy + +This is a project of the [Apache Software Foundation](https://apache.org/) and follows the ASF [vulnerability handling process](https://apache.org/security/#vulnerability-handling). + +We strongly encourage folks to report such problems to our private security mailing list first, before disclosing them publickly. Review Comment: `publickly` -> `publicly ` ########## SECURITY.md: ########## 
@@ -0,0 +1,22 @@ +# Security Policy + +This is a project of the [Apache Software Foundation](https://apache.org/) and follows the ASF [vulnerability handling process](https://apache.org/security/#vulnerability-handling). + +We strongly encourage folks to report such problems to our private security mailing list first, before disclosing them publickly. + +# Reporting a Vulnerability + +To report a new vulnerability you have discovered please follow the ASF [vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability). + +# Security Model + +Administrative users are always considered to be trusted. Reports for vulnerabilities where an attacker already has access to or control over any of the following will be rejected: +- Traffic Server binaries and/or scripts. +- Traffic Server configuration files. + +Security-sensitive information may be logged with modified logging configurations, particularly if debug logging is enabled. + +Experimental features and plugins are known unstable and not supposed to be used on production. We do not consider +vulnerabilities in those as secuirty issues. You may report vulnerabilities in those publicly on our public lists or GitHub. However, please Review Comment: `secuirty` -> `security`
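Review bot: In the last paragraph of the Security Model section, the carve-out for "Experimental features and plugins" does not tell a reporter how to determine which features and plugins count as experimental, so the boundary between a private report and a public one is left to guesswork in the lines shown; suggest pointing to wherever that status is recorded. In the intro, "such problems" has no antecedent, since the preceding sentence only names the handling process; "security vulnerabilities" would read unambiguously. The section headings `# Reporting a Vulnerability` and `# Security Model` also sit at the same level as the `# Security Policy` title and would nest better as `##`.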
