Posted to commits@ofbiz.apache.org by jl...@apache.org on 2022/02/19 18:26:31 UTC
[ofbiz-site] 02/02: Adds a mention about sending vulnerabilities reports one by one and not packed
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git
commit 73b9e9ec17bcba48fa3e6f8f1efd3d9b5dd56c95
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Sat Feb 19 19:26:09 2022 +0100
Adds a mention about sending vulnerabilities reports one by one and not packed
---
download.html | 4 +++-
security.html | 3 ++-
template/page/download.tpl.php | 4 +++-
template/page/security.tpl.php | 3 ++-
4 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/download.html b/download.html
index 2e3c5c7..3223c7a 100644
--- a/download.html
+++ b/download.html
@@ -277,7 +277,9 @@ available <a href="security.html">here</a></p>
<a href="https://downloads.apache.org/ofbiz/KEYS" target="external">[KEYS]</a>
<a href="release-notes-18.12.05.html">[Release Notes]</a>
- <p><strong>We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either security@ofbiz.apache.org or security@apache.org), before disclosing them in a public forum.</strong></p>
+ <p><strong>We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either security@ofbiz.apache.org or security@apache.org),
+ before disclosing them in a public forum. Please don't pack several vulnerabilities in the same report, send them one by one, thanks in advance.</strong></p>
+
<p>Note that we no longer create CVEs for post-auth attacks done using demo credentials, notably using the admin user.
<strong> <a href="https://s.apache.org/dsj2p"> Rather create bugs reports in our issue tracker (Jira) for that.</a></strong></p>
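Review bot: the sentence added on the second `+` line is a comma splice ("Please don't pack several vulnerabilities in the same report, send them one by one, thanks in advance."), which is easy to misread on a page that tells reporters what to do. Consider "Please send one report per vulnerability rather than combining several in a single message." This hunk also adds a blank line after `</strong></p>` that the security.html hunk does not, which is why download.html shows 4 changed lines against 3; drop it or add it in both so the two pages stay identical.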
diff --git a/security.html b/security.html
index 89717e4..5e3e608 100644
--- a/security.html
+++ b/security.html
@@ -131,7 +131,8 @@
<div class="divider"><span></span></div>
<p>Please see the <a href="https://www.apache.org/security" target="external">ASF Security Team webpage</a> for further information about reporting a security vulnerability as well as their contact information. </p>
- <p><strong>We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either security@ofbiz.apache.org or security@apache.org), before disclosing them in a public forum.</strong></p>
+ <p><strong>We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either security@ofbiz.apache.org or security@apache.org),
+ before disclosing them in a public forum. Please don't pack several vulnerabilities in the same report, send them one by one, thanks in advance.</strong></p>
<p>Note that we no longer create CVEs for post-auth attacks done using demo credentials, notably using the admin user.
<strong> <a href="https://s.apache.org/dsj2p"> Rather create bugs reports in our issue tracker (Jira) for that.</a></strong></p>
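Review bot: in security.html the new request is appended inside the existing `<strong>` paragraph, so the whole block is bold and the one-report-per-vulnerability instruction does not stand out from the private-disclosure request that precedes it. Put it in its own `<p>` directly after this paragraph, and consider stating in one clause why separate reports are wanted, so it reads as a step in the reporting process rather than a courtesy.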
diff --git a/template/page/download.tpl.php b/template/page/download.tpl.php
index 281c20b..5affad8 100644
--- a/template/page/download.tpl.php
+++ b/template/page/download.tpl.php
@@ -166,7 +166,9 @@ available <a href="security.html">here</a></p>
<a href="https://downloads.apache.org/ofbiz/KEYS" target="external">[KEYS]</a>
<a href="release-notes-18.12.05.html">[Release Notes]</a>
- <p><strong>We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either security@ofbiz.apache.org or security@apache.org), before disclosing them in a public forum.</strong></p>
+ <p><strong>We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either security@ofbiz.apache.org or security@apache.org),
+ before disclosing them in a public forum. Please don't pack several vulnerabilities in the same report, send them one by one, thanks in advance.</strong></p>
+
<p>Note that we no longer create CVEs for post-auth attacks done using demo credentials, notably using the admin user.
<strong> <a href="https://s.apache.org/dsj2p"> Rather create bugs reports in our issue tracker (Jira) for that.</a></strong></p>
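Review bot: this hunk repeats the download.html change verbatim, and the same paragraph is now edited by hand in four files (two templates and two rendered pages). If the .html pages are produced from template/page/*.tpl.php, regenerate them instead of editing both; otherwise move the reporting notice into one shared fragment so the next wording change cannot leave the copies out of sync.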
diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php
index 15a855c..33d20ce 100644
--- a/template/page/security.tpl.php
+++ b/template/page/security.tpl.php
@@ -20,7 +20,8 @@
<div class="divider"><span></span></div>
<p>Please see the <a href="https://www.apache.org/security" target="external">ASF Security Team webpage</a> for further information about reporting a security vulnerability as well as their contact information. </p>
- <p><strong>We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either security@ofbiz.apache.org or security@apache.org), before disclosing them in a public forum.</strong></p>
+ <p><strong>We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either security@ofbiz.apache.org or security@apache.org),
+ before disclosing them in a public forum. Please don't pack several vulnerabilities in the same report, send them one by one, thanks in advance.</strong></p>
<p>Note that we no longer create CVEs for post-auth attacks done using demo credentials, notably using the admin user.
<strong> <a href="https://s.apache.org/dsj2p"> Rather create bugs reports in our issue tracker (Jira) for that.</a></strong></p>
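Review bot: the rewritten first `+` line still reads "OfBiz users to report security problems affecting OFBiz", two spellings of the project name in one sentence; since the line is being touched anyway, use "OFBiz" for both. The two list addresses are also plain text while the neighbouring paragraphs use links, so wrapping security@ofbiz.apache.org and security@apache.org in `mailto:` anchors would make the private channel the easiest one to reach.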