You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is a project of the [Apache Software Foundation](https://apache.org/) and follows the ASF [vulnerability handling process](https://apache.org/security/#vulnerability-handling).
4
+
5
+
We strongly encourage folks to report such problems to our private security mailing list first, before disclosing them publicly.
6
+
7
+
# Reporting a Vulnerability
8
+
9
+
To report a new vulnerability you have discovered please follow the ASF [vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability).
10
+
11
+
# Security Model
12
+
13
+
Administrative users are always considered to be trusted. Reports for vulnerabilities where an attacker already has access to or control over any of the following will be rejected:
14
+
- Traffic Server binaries and/or scripts.
15
+
- Traffic Server configuration files.
16
+
17
+
Security-sensitive information may be logged with modified logging configurations, particularly if debug logging is enabled.
18
+
19
+
Experimental features and plugins are known unstable and not supposed to be used on production. We do not consider
20
+
vulnerabilities in those as security issues. You may report vulnerabilities in those publicly on our public lists or GitHub. However, please
21
+
contact us privately, if you believe the vulnerabilities you find are serious, or if you are not sure whether you should report the
0 commit comments