Hi Jackson, thanks for reaching out. Details on the ASF responsible disclosure process can be 
found here: https://apache.org/security/#reporting-a-vulnerability Thanks for your team's 
proactive attention to responsible disclosure. ASF and Apache Cassandra are happy to triage and 
investigate any vulnerability reported in the project. Cheers, – Scott On May 20, 2025, at 4:20 
PM, "Fleming, Jackson via user" <user@cassandra.apache.org> wrote: Hi everyone, 
We’re looking at the Apache Cassandra Sidecar project ( 
https://github.com/apache/cassandra-sidecar ), our security team has asked us in the event of a 
vulnerability being found, would that be disclosed via the github security advisory system, or 
would it be disclosed via another mechanism? I couldn’t really find any details in the repo, as 
it’s a very new project I can imagine it’s not something that’s been thought about yet. 
Regards, Jackson

Reply via email to