You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by cz...@apache.org on 2013/10/09 07:34:47 UTC
svn commit: r1530496 - in /sling/site/trunk/content:
project-information/security.mdtext site/.htaccess site/security.html
Author: cziegeler
Date: Wed Oct 9 05:34:46 2013
New Revision: 1530496
URL: http://svn.apache.org/r1530496
Log:
Update security page
Removed:
sling/site/trunk/content/site/security.html
Modified:
sling/site/trunk/content/project-information/security.mdtext
sling/site/trunk/content/site/.htaccess
Modified: sling/site/trunk/content/project-information/security.mdtext
URL: http://svn.apache.org/viewvc/sling/site/trunk/content/project-information/security.mdtext?rev=1530496&r1=1530495&r2=1530496&view=diff
==============================================================================
--- sling/site/trunk/content/project-information/security.mdtext (original)
+++ sling/site/trunk/content/project-information/security.mdtext Wed Oct 9 05:34:46 2013
@@ -1,4 +1,3 @@
-translation_pending: true
Title: Security
# Reporting New Security Problems with Apache Sling
@@ -24,8 +23,13 @@ The private security mailing address is:
Note that all networked servers are subject to denial of service attacks, and we cannot promise magic workarounds to generic problems (such as a client streaming lots of data to your server, or re-requesting the same URL repeatedly). In general our philosophy is to avoid any attacks which can cause the server to consume resources in a non-linear relationship to the size of inputs.
-For more information on handling security issues at the Apache Software Foundation please refer to the [ASF Security Team](http://www.apache.org/security/) page.
+For more information on handling security issues at the Apache Software Foundation please refer to the [ASF Security Team](http://www.apache.org/security/) page and to the [security process description for committers](http://www.apache.org/security/committers.html).
# Errors and omissions
-Please report any errors or omissions to security(at)sling.apache.org.
\ No newline at end of file
+Please report any errors or omissions to security(at)sling.apache.org.
+
+# Previously reported security issues
+
+* CVE-2012-2138 - Apache Sling denial of service vulnerability (July 6th, 2012), see [http://s.apache.org/CVE-2012-2138](http://s.apache.org/CVE-2012-2138)
+* CVE-2013-2254 - Apache Sling denial of service vulnerability (October 9th, 2013), see [http://s.apache.org/CVE-2013-2254](http://s.apache.org/CVE-2013-2254)
\ No newline at end of file
Modified: sling/site/trunk/content/site/.htaccess
URL: http://svn.apache.org/viewvc/sling/site/trunk/content/site/.htaccess?rev=1530496&r1=1530495&r2=1530496&view=diff
==============================================================================
--- sling/site/trunk/content/site/.htaccess (original)
+++ sling/site/trunk/content/site/.htaccess Wed Oct 9 05:34:46 2013
@@ -62,4 +62,5 @@ Redirect Permanent /site/bundle-resource
Redirect Permanent /site/client-request-logging.html /documentation/development/client-request-logging.html
Redirect Permanent /site/assembly.html /old-stuff/assembly.html
Redirect Permanent /site/media.html /
-Redirect Permanent /site/plugins.html /
\ No newline at end of file
+Redirect Permanent /site/plugins.html /
+Redirect Permanent /site/security.html /project-information/security.html