Hi Jackson, thanks for reaching out. Details on the ASF responsible disclosure process can be
found here: https://apache.org/security/#reporting-a-vulnerability

Thanks for your team's proactive attention to responsible disclosure. ASF and Apache Cassandra
are happy to triage and investigate any vulnerability reported in the project.

Cheers,
– Scott

On May 20, 2025, at 4:20 PM, "Fleming, Jackson via user" <user@cassandra.apache.org> wrote:

Hi everyone,

We’re looking at the Apache Cassandra Sidecar project
(https://github.com/apache/cassandra-sidecar), our security team has asked us in the event of a
vulnerability being found, would that be disclosed via the GitHub security advisory system, or
would it be disclosed via another mechanism?

I couldn’t really find any details in the repo, as it’s a very new project I can imagine it’s
not something that’s been thought about yet.

Regards,
Jackson