Posted to notifications@freemarker.apache.org by dd...@apache.org on 2017/01/23 14:28:39 UTC
incubator-freemarker-site git commit: Added section about handling security vulnerabilities to the Committer how-to.
Repository: incubator-freemarker-site
Updated Branches:
refs/heads/master baf4f16ae -> 64c0ac3ba
Added section about handling security vulnerabilities to the Committer how-to.
Project: http://git-wip-us.apache.org/repos/asf/incubator-freemarker-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-freemarker-site/commit/64c0ac3b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-freemarker-site/tree/64c0ac3b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-freemarker-site/diff/64c0ac3b
Branch: refs/heads/master
Commit: 64c0ac3ba51175bde5cff55b8e51d6cc67390ba3
Parents: baf4f16
Author: ddekany <dd...@apache.org>
Authored: Mon Jan 23 15:28:34 2017 +0100
Committer: ddekany <dd...@apache.org>
Committed: Mon Jan 23 15:28:34 2017 +0100
----------------------------------------------------------------------
src/main/docgen/book.xml | 24 +++++++++++++++++++++++-
1 file changed, 23 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-freemarker-site/blob/64c0ac3b/src/main/docgen/book.xml
----------------------------------------------------------------------
diff --git a/src/main/docgen/book.xml b/src/main/docgen/book.xml
index eb73e8c..8453053 100644
--- a/src/main/docgen/book.xml
+++ b/src/main/docgen/book.xml
@@ -538,7 +538,7 @@ two freemarker.jar-s and unpredictable behavior!
</section>
<section xml:id="report-security-vulnerabilities">
- <title>Report security vulnerabilities</title>
+ <title>Report security vulnerability</title>
<para>We strongly encourage to report security vulnerabilities to our
private mailing list first, rather than disclosing them in a public
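Review bot: the title change to the singular "Report security vulnerability" reads awkwardly, and the paragraph directly beneath it still speaks of "security vulnerabilities" in the plural; keep `<title>Report security vulnerabilities</title>` unless the singular form is needed to match a reference elsewhere in the site.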
@@ -553,6 +553,10 @@ two freemarker.jar-s and unpredictable behavior!
<para>If you want to report a bug that isn't an undisclosed security
vulnerability, please use <olink targetdoc="newBugReport">our regular
bug tracker</olink>.</para>
+
+ <para>Committers should <link
+ linkend="handle-security-vulnerabilities">see here</link> how to handle
+ reported security vulnerabilities.</para>
</section>
<section>
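Review bot: the link text "see here" in the new paragraph is not descriptive, which hurts both readability and accessibility of the generated HTML; put the link on the meaningful phrase instead, e.g. `<para>Committers should see <link linkend="handle-security-vulnerabilities">how to handle reported security vulnerabilities</link>.</para>`.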
@@ -1877,6 +1881,24 @@ two freemarker.jar-s and unpredictable behavior!
the <literal>freemarker</literal> repository. About the same guide
lines apply to the site DocBook as well.</para>
</section>
+
+ <section xml:id="handle-security-vulnerabilities">
+ <title>Dealing with security vulnerabilities</title>
+
+ <para>If someone reports a security vulnerability, normally he
+ shouldn't do it on a public forum (<link
+ linkend="report-security-vulnerabilities">see how to report it
+ here</link>), and similarly we shouldn't discuss it on a public forum
+ (such as on the developer mailing list), but on the private mailing
+ list of the project. Thus the vulnerability can be fixed and released
+ before it's openly discussed. As a developer, you must not forget that
+ commits are also publicly visible. How to commit, release, and
+ communicate a concrete vulnerability should be discussed on the
+ private mailing lists of the project before doing publicly visible
+ moves. See <link
+ xlink:href="https://www.apache.org/security/committers.html">this
+ page</link> for further guidelines.</para>
+ </section>
</section>
</chapter>
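Review bot: the new section tells committers to use "the private mailing list of the project" but never says which list that is or links to where it is named, so a committer reading this section on its own does not learn where to take the discussion; either name the list or point at the section that does. It would also help to spell out what "publicly visible moves" covers (commits, bug tracker entries, release notes), since a commit message that names the vulnerability discloses it before the fixed release is out. Two smaller points in the same paragraph: "normally he shouldn't do it" should use a gender-neutral form ("they shouldn't", or "reporters shouldn't"), and "private mailing lists" (plural) near the end is inconsistent with "private mailing list" earlier. Finally, this `xlink:href` is the only external link in the visible hunks while the other links use `linkend`/`olink`, so check that `xmlns:xlink` is declared on the document root of book.xml or the build will reject the attribute.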