http://www.apache.org/security/
email secur...@apache.org since there isn't a Cassandra specific security list. This will also help with getting things like CVEs assigned and making sure balls are not dropped. On Tue, Dec 17, 2013 at 3:30 PM, Ben Bromhead <b...@instaclustr.com> wrote: > Hi guys > > We’ve come across a bug with potential security implications and in the > spirit of responsible disclosure whats the best path for reporting it / > submitting patches without making the issue public until a fixed version of > Cassandra is released? > > As a follow up I would propose that the Cassandra project should have > secur...@cassandra.apache.org mailing address, where sensitive issues can be > reported to the core dev team without it being made public. > > Regards > > Ben Bromhead > Instaclustr | www.instaclustr.com | @instaclustr | +61 415 936 359 >
