adae12ff95
* and some additional clarifications * and some cleanup of wrong rst format (cherry picked from commit a79bfbf941e5129fcf21d8a9e29d1ae1c55e39a0)
36 lines
No EOL
1.3 KiB
ReStructuredText
36 lines
No EOL
1.3 KiB
ReStructuredText
Security Announcements
|
|
======================
|
|
|
|
Receiving Security Advisories
|
|
-----------------------------
|
|
|
|
The best way to receive any and all security announcements is to subscribe to the `Akka security list <https://groups.google.com/forum/#!forum/akka-security>`_.
|
|
|
|
The mailing list is very low traffic, and receives notifications only after security reports have been managed by the core team and fixes are publicly available.
|
|
|
|
Reporting Vulnerabilities
|
|
-------------------------
|
|
|
|
We strongly encourage people to report such problems to our private security mailing list first, before disclosing them in a public forum.
|
|
|
|
Following best practice, we strongly encourage anyone to report potential security
|
|
vulnerabilities to security@akka.io before disclosing them in a public forum like the mailing list or as a Github issue.
|
|
|
|
Reports to this email address will be handled by our security team, who will work together with you
|
|
to ensure that a fix can be provided without delay.
|
|
|
|
Security Related Documentation
|
|
------------------------------
|
|
|
|
* :ref:`disable-java-serializer-scala`
|
|
* :ref:`remote-deployment-whitelist-scala`
|
|
* :ref:`remote-security-scala`
|
|
|
|
|
|
Fixed Security Vulnerabilities
|
|
------------------------------
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
2017-02-10-java-serialization |