diff --git a/msa/tb/docker-cassandra/Dockerfile b/msa/tb/docker-cassandra/Dockerfile
index 896825ffd0..2f23aec399 100644
--- a/msa/tb/docker-cassandra/Dockerfile
+++ b/msa/tb/docker-cassandra/Dockerfile
@@ -47,7 +47,7 @@ RUN apt-get update \
 && apt-get install -y --no-install-recommends wget nmap procps gnupg2 \
 && echo "deb http://apt.postgresql.org/pub/repos/apt/ $(. /etc/os-release && echo -n $VERSION_CODENAME)-pgdg main" | tee --append /etc/apt/sources.list.d/pgdg.list > /dev/null \
 && wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O- | apt-key add - \
- && echo 'deb http://downloads.apache.org/cassandra/debian 40x main' | tee --append /etc/apt/sources.list.d/cassandra.list > /dev/null \
+ && echo "deb https://debian.cassandra.apache.org 40x main" | tee -a /etc/apt/sources.list.d/cassandra.sources.list > /dev/null \
 && wget -q https://downloads.apache.org/cassandra/KEYS -O- | apt-key add - \
 && apt-get update \
 && apt-get install -y --no-install-recommends cassandra cassandra-tools postgresql-${PG_MAJOR} \
diff --git a/security.md b/security.md
new file mode 100644
index 0000000000..9f917e5f00
--- /dev/null
+++ b/security.md
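Review bot: In the Dockerfile hunk, the new Cassandra source entry is still trusted through the global keyring that `apt-key add -` fills on the following line, so every key in the Apache KEYS file can vouch for packages from any configured repository, including the plain-http PostgreSQL one above it. `apt-key` is also deprecated in current Debian and Ubuntu releases. Since the image already installs `gnupg2`, consider dearmoring the keys into a dedicated keyring file and scoping the entry to it, e.g. `echo "deb [signed-by=/usr/share/keyrings/cassandra.gpg] https://debian.cassandra.apache.org 40x main"` (the keyring path is illustrative). The RUN instruction starts before and continues after this hunk, so the rest of the chain is not visible here.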
@@ -0,0 +1,17 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Security is of the highest importance and all security vulnerabilities or suspected security vulnerabilities should be reported to Thingsboard privately,
+to minimize attacks against current users of Thingsboard before they are fixed. Vulnerabilities will be investigated and release as soon as possible.
+
+To report a vulnerability or a security-related issue, please email the private address security@thingsboard.io with the details of the vulnerability.
+Emails will be addressed within 3 business days, including a detailed plan to investigate the issue and any potential workarounds to perform in the meantime.
+Do not report non-security-impacting bugs through this channel. Use GitHub issues instead.
+
+**Proposed Email Content**
+Provide a descriptive subject line and in the body of the email include the following information:
+
+- Basic identity information, such as your name and your affiliation or company.
+- Detailed steps to reproduce the vulnerability (log errors, screenshots are all helpful to us).
+- Description of the effects of the vulnerability on Thingsboard.
\ No newline at end of file
diff --git a/ui-ngx/src/app/shared/models/ace/tbel/worker-tbel.js b/ui-ngx/src/app/shared/models/ace/tbel/worker-tbel.js
index c309eb38aa..bc22e806c3 100644
--- a/ui-ngx/src/app/shared/models/ace/tbel/worker-tbel.js
+++ b/ui-ngx/src/app/shared/models/ace/tbel/worker-tbel.js
@@ -5026,6 +5026,21 @@ var JSHINT = (function() {
 return that;
 }, 20);
 }
+ function nullSafeProperty(s) {
+ console.log("test " + s);
+ symbol(s, 20).exps = true;
+ return infix(s, function(context, left, that) {
+ if (state.option.bitwise) {
+ warning("W016", that, that.id);
+ }
+
+ checkLeftSideAssign(context, left, that);
+
+ that.right = expression(context, 10);
+
+ return that;
+ }, 20);
+ }
 function suffix(s) {
 var x = symbol(s, 150);
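Review bot: `nullSafeProperty` in worker-tbel.js ships a leftover debug statement, `console.log("test " + s);`, which would write to the console from the lint worker whenever the operator is registered; it should be removed. The body also looks copied from an assignment-operator helper: raising `W016` when `state.option.bitwise` is set and calling `checkLeftSideAssign(context, left, that);` treat `.?` as a bitwise assignment, so a null-safe property read could presumably be reported as a bitwise operator or as a bad assignment target. If `.?` is meant as a null-safe member access, drop those two checks and add a short comment such as `// null-safe property access (a.?b); not an assignment`. The binding power of 20 passed to `symbol` and `infix` is assignment-level as well and is worth confirming against how `.` is registered, which is outside this hunk.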
@@ -5539,6 +5554,9 @@ var JSHINT = (function() {
 bitwiseassignop("<<=");
 bitwiseassignop(">>=");
 bitwiseassignop(">>>=");
+
+ nullSafeProperty(".?");
+
 infix(",", function(context, left, that) {
 if (state.option.nocomma) {
 warning("W127", that);
@@ -9450,6 +9468,12 @@ Lexer.prototype = {
 switch (ch1) {
 case ".":
+ if (ch1 === "." && this.peek(1) === "?") {
+ return {
+ type: Token.Punctuator,
+ value: ".?"
+ };
+ }
 if ((/^[0-9]$/).test(this.peek(1))) {
 return null;
 }
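Review bot: In the Lexer hunk, the `ch1 === "."` test is redundant because the new branch already sits under `case ".":`; `if (this.peek(1) === "?") {` expresses the same condition. The branch is also undocumented, and a one-line comment such as `// null-safe member access: emit ".?" as a single punctuator` would explain why it has to run before the digit check that follows. The enclosing scanner function starts and ends outside this hunk, so how the returned token is consumed cannot be confirmed from here.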