Posted to dev@tomcat.apache.org by ma...@apache.org on 2008/08/14 12:07:27 UTC

svn commit: r685838 - in /tomcat/site/trunk: docs/security.html xdocs/security.xml

Author: markt
Date: Thu Aug 14 03:07:25 2008
New Revision: 685838

URL: http://svn.apache.org/viewvc?rev=685838&view=rev
Log:
Make purpose of security mailing list even clearer. Could now just provide a link to this page in response to non-issue mails to the security address.

Modified:
    tomcat/site/trunk/docs/security.html
    tomcat/site/trunk/xdocs/security.xml

Modified: tomcat/site/trunk/docs/security.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security.html?rev=685838&r1=685837&r2=685838&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security.html (original)
+++ tomcat/site/trunk/docs/security.html Thu Aug 14 03:07:25 2008
@@ -262,17 +262,36 @@
     <p>The Apache Software Foundation takes a very active stance in eliminating
        security problems and denial of service attacks against Apache Tomcat.
        </p>
+
     <p>We strongly encourage folks to report such problems to our private
        security mailing list first, before disclosing them in a public forum.</p>
 
     <p>
-<strong>We cannot accept regular bug reports or other queries at this
-       address, we ask that you use our <a href="bugreport.html">bug reporting
-       page</a> for those. All mail sent to this address that does not relate to
-       security problems in the Apache Tomcat source code will be ignored.
-       </strong>
+<strong>Please note that the security mailing list should only be used
+       for reporting undisclosed security vulnerabilities in Apache Tomcat and
+       managing the process of fixing such vulnerabilities. We cannot accept
+       regular bug reports or other queries at this address. All mail sent to
+       this address that does not relate to an undisclosed security problem in
+       the Apache Tomcat source code will be ignored.</strong>
 </p>
-    <p>The mailing address is: <a href="mailto:security@tomcat.apache.org">
+
+    <p>If you need to report a bug that isn't an undisclosed security
+       vulnerability, please use the <a href="bugreport.html">bug reporting
+       page</a>.</p>
+       
+    <p>Questions about:</p>
+    <ul>
+      <li>how to configure Tomcat securely</li>
+      <li>if a vulnerability applies to your particular application</li>
+      <li>obtaining further information on a published vulnerability</li>
+      <li>availability of patches and/or new releases</li>
+    </ul>
+    <p>should be address to the users mailing list. Please see the
+       <a href="lists.html">mailing lists</a> page for details of how to
+       subscribe.</p>
+    
+    <p>The private security mailing address is:
+       <a href="mailto:security@tomcat.apache.org">
        security@tomcat.apache.org</a>
 </p>
 

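Review bot: typo in the added paragraph that follows the list, "should be address to the users mailing list" should read "should be addressed to the users mailing list". The identical line is added to xdocs/security.xml in this same commit, so correct it in both files.
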
Modified: tomcat/site/trunk/xdocs/security.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security.xml?rev=685838&r1=685837&r2=685838&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security.xml (original)
+++ tomcat/site/trunk/xdocs/security.xml Thu Aug 14 03:07:25 2008
@@ -48,15 +48,34 @@
     <p>The Apache Software Foundation takes a very active stance in eliminating
        security problems and denial of service attacks against Apache Tomcat.
        </p>
+
     <p>We strongly encourage folks to report such problems to our private
        security mailing list first, before disclosing them in a public forum.</p>
 
-    <p><strong>We cannot accept regular bug reports or other queries at this
-       address, we ask that you use our <a href="bugreport.html">bug reporting
-       page</a> for those. All mail sent to this address that does not relate to
-       security problems in the Apache Tomcat source code will be ignored.
-       </strong></p>
-    <p>The mailing address is: <a href="mailto:security@tomcat.apache.org">
+    <p><strong>Please note that the security mailing list should only be used
+       for reporting undisclosed security vulnerabilities in Apache Tomcat and
+       managing the process of fixing such vulnerabilities. We cannot accept
+       regular bug reports or other queries at this address. All mail sent to
+       this address that does not relate to an undisclosed security problem in
+       the Apache Tomcat source code will be ignored.</strong></p>
+
+    <p>If you need to report a bug that isn't an undisclosed security
+       vulnerability, please use the <a href="bugreport.html">bug reporting
+       page</a>.</p>
+       
+    <p>Questions about:</p>
+    <ul>
+      <li>how to configure Tomcat securely</li>
+      <li>if a vulnerability applies to your particular application</li>
+      <li>obtaining further information on a published vulnerability</li>
+      <li>availability of patches and/or new releases</li>
+    </ul>
+    <p>should be address to the users mailing list. Please see the
+       <a href="lists.html">mailing lists</a> page for details of how to
+       subscribe.</p>
+    
+    <p>The private security mailing address is:
+       <a href="mailto:security@tomcat.apache.org">
        security@tomcat.apache.org</a></p>
 
     <p>Note that all networked servers are subject to denial of service attacks,
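
Review bot: the sentence that starts at "<p>Questions about:</p>" is split across a paragraph, the <ul> and a second paragraph beginning "should be ...", so neither paragraph reads as a sentence on its own. Consider a single lead-in before the list, for example "Questions about the following should be addressed to the users mailing list:", and keep the lists.html pointer as its own sentence after the list. The item "if a vulnerability applies to your particular application" would read better as "whether a vulnerability applies ...". The two added lines that contain only spaces (after the bug reporting paragraph and before the security address paragraph) can be left empty.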



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Re: svn commit: r685838 - in /tomcat/site/trunk: docs/security.html xdocs/security.xml

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
I love the way you phrased this, httpd should steal this for our site :)

Bill

markt@apache.org wrote:
> Author: markt
> Date: Thu Aug 14 03:07:25 2008
> New Revision: 685838
> 
> URL: http://svn.apache.org/viewvc?rev=685838&view=rev
> Log:
> Make purpose of security mailing list even clearer. Could now just provide a link to this page in response to non-issue mails to the security address.
> 
> Modified:
>     tomcat/site/trunk/docs/security.html
>     tomcat/site/trunk/xdocs/security.xml
> 
> Modified: tomcat/site/trunk/docs/security.html
> URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security.html?rev=685838&r1=685837&r2=685838&view=diff
> ==============================================================================
> --- tomcat/site/trunk/docs/security.html (original)
> +++ tomcat/site/trunk/docs/security.html Thu Aug 14 03:07:25 2008
> @@ -262,17 +262,36 @@
>      <p>The Apache Software Foundation takes a very active stance in eliminating
>         security problems and denial of service attacks against Apache Tomcat.
>         </p>
> +
>      <p>We strongly encourage folks to report such problems to our private
>         security mailing list first, before disclosing them in a public forum.</p>
>  
>      <p>
> -<strong>We cannot accept regular bug reports or other queries at this
> -       address, we ask that you use our <a href="bugreport.html">bug reporting
> -       page</a> for those. All mail sent to this address that does not relate to
> -       security problems in the Apache Tomcat source code will be ignored.
> -       </strong>
> +<strong>Please note that the security mailing list should only be used
> +       for reporting undisclosed security vulnerabilities in Apache Tomcat and
> +       managing the process of fixing such vulnerabilities. We cannot accept
> +       regular bug reports or other queries at this address. All mail sent to
> +       this address that does not relate to an undisclosed security problem in
> +       the Apache Tomcat source code will be ignored.</strong>
>  </p>
> -    <p>The mailing address is: <a href="mailto:security@tomcat.apache.org">
> +
> +    <p>If you need to report a bug that isn't an undisclosed security
> +       vulnerability, please use the <a href="bugreport.html">bug reporting
> +       page</a>.</p>
> +       
> +    <p>Questions about:</p>
> +    <ul>
> +      <li>how to configure Tomcat securely</li>
> +      <li>if a vulnerability applies to your particular application</li>
> +      <li>obtaining further information on a published vulnerability</li>
> +      <li>availability of patches and/or new releases</li>
> +    </ul>
> +    <p>should be address to the users mailing list. Please see the
> +       <a href="lists.html">mailing lists</a> page for details of how to
> +       subscribe.</p>
> +    
> +    <p>The private security mailing address is:
> +       <a href="mailto:security@tomcat.apache.org">
>         security@tomcat.apache.org</a>
>  </p>
>  
> 
> Modified: tomcat/site/trunk/xdocs/security.xml
> URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security.xml?rev=685838&r1=685837&r2=685838&view=diff
> ==============================================================================
> --- tomcat/site/trunk/xdocs/security.xml (original)
> +++ tomcat/site/trunk/xdocs/security.xml Thu Aug 14 03:07:25 2008
> @@ -48,15 +48,34 @@
>      <p>The Apache Software Foundation takes a very active stance in eliminating
>         security problems and denial of service attacks against Apache Tomcat.
>         </p>
> +
>      <p>We strongly encourage folks to report such problems to our private
>         security mailing list first, before disclosing them in a public forum.</p>
>  
> -    <p><strong>We cannot accept regular bug reports or other queries at this
> -       address, we ask that you use our <a href="bugreport.html">bug reporting
> -       page</a> for those. All mail sent to this address that does not relate to
> -       security problems in the Apache Tomcat source code will be ignored.
> -       </strong></p>
> -    <p>The mailing address is: <a href="mailto:security@tomcat.apache.org">
> +    <p><strong>Please note that the security mailing list should only be used
> +       for reporting undisclosed security vulnerabilities in Apache Tomcat and
> +       managing the process of fixing such vulnerabilities. We cannot accept
> +       regular bug reports or other queries at this address. All mail sent to
> +       this address that does not relate to an undisclosed security problem in
> +       the Apache Tomcat source code will be ignored.</strong></p>
> +
> +    <p>If you need to report a bug that isn't an undisclosed security
> +       vulnerability, please use the <a href="bugreport.html">bug reporting
> +       page</a>.</p>
> +       
> +    <p>Questions about:</p>
> +    <ul>
> +      <li>how to configure Tomcat securely</li>
> +      <li>if a vulnerability applies to your particular application</li>
> +      <li>obtaining further information on a published vulnerability</li>
> +      <li>availability of patches and/or new releases</li>
> +    </ul>
> +    <p>should be address to the users mailing list. Please see the
> +       <a href="lists.html">mailing lists</a> page for details of how to
> +       subscribe.</p>
> +    
> +    <p>The private security mailing address is:
> +       <a href="mailto:security@tomcat.apache.org">
>         security@tomcat.apache.org</a></p>
>  
>      <p>Note that all networked servers are subject to denial of service attacks,
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
> 
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

