Hequan, thanks for your email. If you'd like to report a potential
security/privacy issue in Apache Cassandra, a few paths are available: – Email
priv...@cassandra.apache.org to report the issue privately to the Apache
Cassandra Project Management Committee, who can privately review your report
and engage in discussion without public disclosure. – Report the bug via Jira.
If you do not believe the issue rises to the level of a serious / exploitable
vulnerability and is merely a bug, details on how to create a Jira account to
file as a bug are here:
https://cassandra.apache.org/_/community.html#how-to-contribute – Apache
Software Foundation vulnerability management process. You are welcome to report
vulnerabilities directly to the Apache Software Foundation by emailing
secur...@apache.org as described at https://security.apache.org/projects/ , who
will invoke the Foundation's vulnerability management process in conjunction
with project maintainers. Note that this dev@ list is publicly archived and
searchable. Replies here will be indexed and accessible via public internet.
Thanks, – Scott On Jul 27, 2024, at 4:32 PM, musso...@sjtu.edu.cn wrote: Dear
Docker Repository Maintainer, I hope this message finds you well. My name is
Hequan Shi, and I am a researcher of the Network and System Security Lab (NSSL)
at Shanghai Jiao Tong University. We are currently conducting a thorough
security assessment of Docker Hub images as part of our ongoing research.
During our analysis, we have identified potential privacy leakage issues in the
following repositories associated with your email: -
apache/cassandra-testing-ubuntu2004-java11 -
apache/cassandra-testing-ubuntu2004-java11-w-dependencies If you are indeed the
maintainer of any or all of these repositories, we kindly request you to
contact us at your earliest convenience. We would like to provide you with
detailed information regarding the identified issues and assist you in
mitigating potential security risks. Thank you for your attention to this
matter. We look forward to your prompt response. Best regards, Hequan Shi
Network and System Security Lab (NSSL) Shanghai Jiao Tong University Email:
musso...@sjtu.edu.cn
