Skip to main content
Version: v1.0

Reporting Security Issues

The Seata Group takes a rigorous standpoint in annihilating the security issues in its software projects. Seata is highly sensitive and forthcoming to issues pertaining to its features and functionality.

REPORTING VULNERABILITY

If you have apprehensions regarding Seata's security or you discover vulnerability or potential threat, don’t hesitate to get in touch with the Seata Security Team by reporting it to ASRC(Alibaba Security Response Center). In the report, specify the description of the issue or potential threat. You are also urged to recommend the way to reproduce and replicate the issue. The Seata community will get back to you after assessing and analysing the findings.

PLEASE PAY ATTENTION to report the security issue on ASRC(Alibaba Security Response Center) before disclosing it on public domain.

VULNERABILITY HANDLING

An overview of the vulnerability handling process is:

  • The reporter reports the vulnerability privately to Apache.
  • The appropriate project's security team works privately with the reporter to resolve the vulnerability.
  • A new release of the Apache product concerned is made that includes the fix.
  • The vulnerability is publically announced.