From eccad3b7c72fd9eb85f4f37037d6e31d5159b101 Mon Sep 17 00:00:00 2001 From: He-Pin Date: Sun, 10 May 2026 02:31:24 +0800 Subject: [PATCH] docs: clarify security guidance Motivation: The security announcements page should use Apache Pekko-specific reporting guidance and keep readers on the Apache Pekko security announcements page for project security information. Modification: Clarify that issues affecting Apache Pekko and its predecessor project should be reported to the Apache Pekko team first, describe responsible disclosure coordination with affected upstream maintainers, and update the security-related documentation link to the Apache Pekko security announcements page. Result: The security documentation now avoids predecessor project branding in authored text, links to the Apache Pekko security announcements page, and better matches the Apache Pekko reporting process. Tests: - git diff --check / passed - sbt docs/paradox / passed with existing duplicate-anchor warnings in release notes only References: Upstream commit: https://github.com/akka/akka-core/commit/fe097c3bf8f2627beba2020de4941dc44af929c3, which is now Apache licensed Refs #31927 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- docs/src/main/paradox/security/index.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/src/main/paradox/security/index.md b/docs/src/main/paradox/security/index.md index c276c2e1dcd..dff04551ad3 100644 --- a/docs/src/main/paradox/security/index.md +++ b/docs/src/main/paradox/security/index.md @@ -14,12 +14,12 @@ We strongly encourage people to report such problems to our private security mai Please follow the [guidelines](https://www.apache.org/security/) laid down by the Apache Security team. -Ideally, any issues affecting Apache Pekko and Akka should be reported to Apache team first. We will share the -report with the Lightbend Akka team. +Ideally, any issues affecting Apache Pekko and its predecessor project should be reported to the Apache Pekko team +first. We will coordinate responsible disclosure with the affected upstream maintainers when needed. ## Security Related Documentation - * [Akka security fixes](https://akka.io/security) + * [Apache Pekko security announcements](https://pekko.apache.org/docs/pekko/current/security/) * @ref:[Java Serialization](../serialization.md#java-serialization) * @ref:[Remote deployment allow list](../remoting.md#remote-deployment-allow-list) * @ref:[Remote Security](../remote-security.md)