Posted to notifications@tomee.apache.org by bu...@apache.org on 2014/02/19 16:20:48 UTC

svn commit: r898535 - in /websites/staging/tomee/trunk: cgi-bin/ content/ content/security/index.html

Author: buildbot
Date: Wed Feb 19 15:20:48 2014
New Revision: 898535

Log:
Staging update by buildbot for tomee

Modified:
    websites/staging/tomee/trunk/cgi-bin/   (props changed)
    websites/staging/tomee/trunk/content/   (props changed)
    websites/staging/tomee/trunk/content/security/index.html

Propchange: websites/staging/tomee/trunk/cgi-bin/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Wed Feb 19 15:20:48 2014
@@ -1 +1 @@
-1569751
+1569783

Propchange: websites/staging/tomee/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Wed Feb 19 15:20:48 2014
@@ -1 +1 @@
-1569751
+1569783

Modified: websites/staging/tomee/trunk/content/security/index.html
==============================================================================
--- websites/staging/tomee/trunk/content/security/index.html (original)
+++ websites/staging/tomee/trunk/content/security/index.html Wed Feb 19 15:20:48 2014
@@ -203,22 +203,34 @@ we will consider packaging a new securit
 to adopt the following versionning <em>major</em>.<em>minor</em>.<em>patch</em>[.<em>security</em>]</p>
 
 <ul>
-<li>major ([0-9]+)</li>
-<li>minor ([0-9]+)</li>
-<li>patch ([0-9]+)</li>
-<li>security update (su[0-9]+)?</li>
+<li>major ([0-9]+): it refers mainly to the Java EE version we implement. 1.x for Java EE 6 for example.</li>
+<li>minor ([0-9]+): contains features, bugfixes and security fixes (internal or third-party)</li>
+<li>patch ([0-9]+): only bugfixes applied</li>
+<li>security update (su[0-9]+)?: security update suffix that makes it possible to easily differentiate security fixes and
+to upgrade with a minimal of changes, hence impacts.</li>
 </ul>
 
+<p>The last security update part is optional, and applies when a sub project has been released and was under an
+advisory. The TomEE team will just grab the related tag and update the dependency. The release checks are then
+smaller and the community can deliver a fixed version faster.</p>
+
 <h2>Additional information</h2>
 
 <h3>Secunia</h3>
 
+<p>Secunia is an international IT security company specialising in vulnerability management based in Copenhagen, Denmark.</p>
+
+<p>There is an <a href="http://secunia.com/advisories/vendor/8/">Apache Software Foundation vendor</a> declared so you can follow
+all vulnarabilities related to Apache products. Of course, a Apache TomEE product
+is also available so you can search for know advisories.</p>
+
 <h3>Links</h3>
 
 <ul>
 <li><a href="http://apache.org/security/">http://apache.org/security/</a></li>
 <li><a href="http://apache.org/security/projects.html">http://apache.org/security/projects.html</a></li>
 <li><a href="http://apache.org/security/committers.html">http://apache.org/security/committers.html</a></li>
+<li><a href="http://cve.mitre.org/">Common Vulnerabilities and Exposures database</a></li>
 </ul>
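
Review bot: The added Secunia paragraph has three typos that would ship to the public security page: "vulnarabilities" should be "vulnerabilities", "a Apache TomEE product" should be "an Apache TomEE product", and "know advisories" should be "known advisories". In the version list, "to upgrade with a minimal of changes, hence impacts" would read better as "to upgrade with minimal changes, and hence minimal impact". The list also leaves it unclear where a security fix in TomEE's own code lands: the minor item says it contains security fixes, the patch item says "only bugfixes applied", and the new paragraph ties the su suffix to a sub project that was under an advisory, so consider stating which component changes in each case. The pattern (su[0-9]+)? also omits the dot shown in the scheme major.minor.patch[.security]; adding one concrete example version string to the list would remove that ambiguity.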