Hi guys We’ve come across a bug with potential security implications and in the spirit of responsible disclosure whats the best path for reporting it / submitting patches without making the issue public until a fixed version of Cassandra is released?
As a follow up I would propose that the Cassandra project should have secur...@cassandra.apache.org mailing address, where sensitive issues can be reported to the core dev team without it being made public. Regards Ben Bromhead Instaclustr | www.instaclustr.com | @instaclustr | +61 415 936 359
