mirror of
https://github.com/apache/superset.git
synced 2024-09-19 12:09:42 -04:00
# Security Policy

This is a project of the [Apache Software Foundation](https://apache.org) and follows the
ASF [vulnerability handling process](https://apache.org/security/#vulnerability-handling).

## Reporting Vulnerabilities

**⚠️ Please do not file GitHub issues for security vulnerabilities as they are public! ⚠️**

The Apache Software Foundation takes a rigorous stance on eliminating security issues
in its software projects. Apache Superset is highly sensitive to, and forthcoming about, issues
pertaining to its features and functionality.
If you have any concern or believe you have found a vulnerability in Apache Superset,
please get in touch with the Apache Security Team privately at
the e-mail address [security@apache.org](mailto:security@apache.org).

More details can be found on the ASF website at
[ASF vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability).

We kindly ask you to include the following information in your report:
- Apache Superset version that you are using
- A sanitized copy of your `superset_config.py` file or any config overrides
- Detailed steps to reproduce the vulnerability

Note that Apache Superset is not responsible for any third-party dependencies that may
have security issues. Any vulnerabilities found in third-party dependencies should be
reported to the maintainers of those projects. Results from security scans of Apache
Superset dependencies found on its official Docker image can be remediated at release time
by extending the image itself.

**Your responsible disclosure and collaboration are invaluable.**

## Extra Information

- [Apache Superset documentation](https://superset.apache.org/docs/security)
- [Common Vulnerabilities and Exposures by release](https://superset.apache.org/docs/security/cves)
- [How Security Vulnerabilities are Reported & Handled in Apache Superset (Blog)](https://preset.io/blog/how-security-vulnerabilities-are-reported-and-handled-in-apache-superset/)