Posted to commits@struts.apache.org by lu...@apache.org on 2014/02/09 20:00:28 UTC

svn commit: r1566352 - in /struts/site/branches/jekyll-powered: content/security.html old-content/xdoc/security.xml source/security.md

Author: lukaszlenart
Date: Sun Feb  9 19:00:28 2014
New Revision: 1566352

URL: http://svn.apache.org/r1566352
Log:
Converts security

Added:
    struts/site/branches/jekyll-powered/content/security.html
    struts/site/branches/jekyll-powered/source/security.md
Removed:
    struts/site/branches/jekyll-powered/old-content/xdoc/security.xml

Added: struts/site/branches/jekyll-powered/content/security.html
URL: http://svn.apache.org/viewvc/struts/site/branches/jekyll-powered/content/security.html?rev=1566352&view=auto
==============================================================================
--- struts/site/branches/jekyll-powered/content/security.html (added)
+++ struts/site/branches/jekyll-powered/content/security.html Sun Feb  9 19:00:28 2014
@@ -0,0 +1,149 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="UTF-8"/>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+  <meta name="Date-Revision-yyyymmdd" content="20140206"/>
+  <meta http-equiv="Content-Language" content="en"/>
+  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+
+  <title>Security Issues</title>
+
+  <link rel="stylesheet" href="/bootstrap/css/bootstrap.css">
+  <link rel="stylesheet" href="/css/main.css">
+
+  <script type="text/javascript" src="/js/jquery-1.11.0.min.js"></script>
+  <script type="text/javascript" src="/bootstrap/js/bootstrap.js"></script>
+  <script type="text/javascript" src="/js/community.js"></script>
+</head>
+<body>
+
+<a href="http://github.com/apache/struts">
+  <img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;" src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png" alt="Fork me on GitHub">
+</a>
+
+<header>
+  <!-- Fixed navbar -->
+<nav>
+  <div class="navbar navbar-default navbar-fixed-top" role="navigation">
+    <div class="container">
+      <div class="navbar-collapse collapse">
+        <ul class="nav navbar-nav">
+
+          <li class="dropdown">
+            <a class="dropdown-toggle" data-toggle="dropdown" href="#">Apache Struts <b class="caret"></b></a>
+            <ul class="dropdown-menu">
+              <li><a href="index.html">Welcome</a></li>
+              <li><a href="downloads.html">Downloads</a></li>
+              <li><a href="announce.html">Announcements</a></li>
+              <li><a href="http://www.apache.org/licenses/">License</a></li>
+              <li><a href="http://apache.org/foundation/thanks.html">Thanks!</a></li>
+              <li><a href="http://apache.org/foundation/sponsorship.html">Sponsorship</a></li>
+            </ul>
+          </li>
+
+          <li class="dropdown">
+            <a class="dropdown-toggle" data-toggle="dropdown" href="#">Support <b class="caret"></b></a>
+            <ul class="dropdown-menu">
+              <li><a href="mail.html">User Mailing List</a></li>
+              <li><a href="https://issues.apache.org/jira/browse/WW">Issue Tracker</a></li>
+              <li><a href="security.html">Reporting Security Issues</a></li>
+            </ul>
+          </li>
+
+          <li class="dropdown">
+            <a class="dropdown-toggle" data-toggle="dropdown" href="#">Documentation <b class="caret"></b></a>
+            <ul class="dropdown-menu">
+              <li><a href="birdseye.html">Birds Eye</a></li>
+              <li><a href="primer.html">Key Technologies</a></li>
+              <li><a href="kickstart.html">Kickstart FAQ</a></li>
+              <li><a href="https://cwiki.apache.org/confluence/display/WW/Home">Wiki</a></li>
+              <li><a href="http://struts.apache.org/release/2.3.x/index.html">Struts 2</a></li>
+              <li><a href="http://struts.apache.org/release/1.3.x/index.html">Struts 1</a></li>
+            </ul>
+          </li>
+
+          <li class="dropdown">
+            <a class="dropdown-toggle" data-toggle="dropdown" href="#">Contributing <b class="caret"></b></a>
+            <ul class="dropdown-menu">
+              <li><a href="youatstruts.html">You at Struts</a></li>
+              <li><a href="helping.html">How to Help FAQ</a></li>
+              <li><a href="dev-mail.html">Development Lists</a></li>
+              <li class="divider"></li>
+              <li><a href="git-for-struts.html">Git for Struts</a></li>
+              <li><a href="builds.html">Source Code</a></li>
+              <li><a href="coding-standards.html">Coding standards</a></li>
+              <li class="divider"></li>
+              <li><a href="releases.html">Release Guidelines</a></li>
+              <li><a href="bylaws.html">PMC Charter</a></li>
+              <li><a href="volunteers.html">Volunteers</a></li>
+              <li><a href="https://git-wip-us.apache.org/repos/asf?p=struts.git">Source Repository</a></li>
+            </ul>
+          </li>
+
+        </ul>
+      </div>
+      <!--/.nav-collapse -->
+    </div>
+  </div>
+</nav>
+
+  <div class="container">
+    <div class="row">
+      <div class="pull-left">
+        <a href="/" id="bannerLeft">
+          <img src="/img/struts.gif" alt="Apache Struts"/>
+        </a>
+      </div>
+      <div class="pull-right"><a href="http://www.apache.org" id="bannerRight">
+        <img src="/img/asf-logo.gif" alt="Apache Software Foundation"/>
+      </a>
+      </div>
+    </div>
+  </div>
+</header>
+
+
+<article class="container">
+  <section class="col-md-12">
+    <h1>Reporting New Security Issues with Apache Struts</h1>
+
+<p>The Apache Struts project takes a very active stance in eliminating security problems
+and denial of service attacks against applications using the Apache Struts framework.</p>
+
+<p><strong>We strongly encourage folks to report such security problems to our private security mailing list first,
+before disclosing them in a public forum</strong>.</p>
+
+<p>We cannot accept regular bug reports or other queries at this address, we ask that you use our
+<a href="https://issues.apache.org/jira/browse/WW">issue tracker (JIRA)</a> for those.
+<code>All mail sent to this address that does not relate to security problems in the Apache
+Struts source code will be ignored</code>.</p>
+
+<p>Note that all networked servers are subject to denial of service attacks, and we cannot promise magic
+workarounds to generic problems (such as a client streaming lots of data to your server, or re-requesting
+the same URL repeatedly). In general our philosophy is to avoid any attacks which can cause the server
+to consume resources in a non-linear relationship to the size of inputs.</p>
+
+<p>The mailing address is: <a href="mailto:security@struts.apache.org">security@struts.apache.org</a></p>
+
+<p><a href="http://httpd.apache.org/docs/trunk/misc/security_tips.html">General network server security tips</a></p>
+
+<p><a href="http://www.apache.org/security/">The Apache Security Team</a></p>
+
+  </section>
+</article>
+
+  <hr/>
+<footer class="container">
+  <div class="row col-md-12 text-center">
+    Copyright &copy; 2000-2014 <a href="http://www.apache.org/">The Apache Software Foundation</a>. All Rights Reserved.
+  </div>
+  <div class="row col-md-12 text-center">
+    Apache Struts, Struts, Apache, the Apache feather logo, and the Apache Struts
+    project logos are trademarks of The Apache Software Foundation.
+  </div>
+</footer>
+
+
+</body>
+</html>
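
Review bot: the "Fork me on GitHub" ribbon near the top of the body is loaded from s3.amazonaws.com, while every other image, stylesheet and script on this page comes from the site itself (/img/, /css/, /js/). Since this is the page that tells reporters where to send vulnerability reports, consider copying the ribbon under /img/ so the page pulls nothing from a third-party host. The outbound links (`http://github.com/apache/struts`, `http://httpd.apache.org/docs/trunk/misc/security_tips.html`, `http://www.apache.org/security/`) also use plain http and should move to https where the target serves it. Minor: the X-UA-Compatible meta is the only tag in the head not closed with `/>`.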

Added: struts/site/branches/jekyll-powered/source/security.md
URL: http://svn.apache.org/viewvc/struts/site/branches/jekyll-powered/source/security.md?rev=1566352&view=auto
==============================================================================
--- struts/site/branches/jekyll-powered/source/security.md (added)
+++ struts/site/branches/jekyll-powered/source/security.md Sun Feb  9 19:00:28 2014
@@ -0,0 +1,28 @@
+---
+layout: default
+title: Security Issues
+---
+
+# Reporting New Security Issues with Apache Struts
+
+The Apache Struts project takes a very active stance in eliminating security problems
+and denial of service attacks against applications using the Apache Struts framework.
+
+**We strongly encourage folks to report such security problems to our private security mailing list first,
+before disclosing them in a public forum**.
+
+We cannot accept regular bug reports or other queries at this address, we ask that you use our
+[issue tracker (JIRA)](https://issues.apache.org/jira/browse/WW) for those.
+`All mail sent to this address that does not relate to security problems in the Apache
+Struts source code will be ignored`.
+
+Note that all networked servers are subject to denial of service attacks, and we cannot promise magic
+workarounds to generic problems (such as a client streaming lots of data to your server, or re-requesting
+the same URL repeatedly). In general our philosophy is to avoid any attacks which can cause the server
+to consume resources in a non-linear relationship to the size of inputs.
+
+The mailing address is: [security@struts.apache.org](mailto:security@struts.apache.org)
+
+[General network server security tips](http://httpd.apache.org/docs/trunk/misc/security_tips.html)
+
+[The Apache Security Team](http://www.apache.org/security/)
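
Review bot: the paragraph beginning "We cannot accept regular bug reports or other queries at this address" refers to "this address" before any address has been given; security@struts.apache.org only appears two paragraphs further down. Suggest moving the "The mailing address is:" line up to directly follow the bold paragraph about the private security mailing list, so the reader knows which address is meant. In the same paragraph, the sentence "All mail sent to this address ... will be ignored" is wrapped in backticks, which renders as `<code>` in the generated security.html even though it is not code; use emphasis markup instead. The comma splice in "at this address, we ask that you use our" would also read better as two sentences.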