You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@brooklyn.apache.org by ri...@apache.org on 2017/02/10 17:04:26 UTC
svn commit: r1782490 [2/4] - in /brooklyn/site: ./ community/
community/security/ contributing/ developers/ developers/code/
developers/committers/ developers/committers/release-process/
documentation/ download/ learnmore/ learnmore/catalog/ learnmore/...
Added: brooklyn/site/community/security/CVE-2017-3165.html
URL: http://svn.apache.org/viewvc/brooklyn/site/community/security/CVE-2017-3165.html?rev=1782490&view=auto
==============================================================================
--- brooklyn/site/community/security/CVE-2017-3165.html (added)
+++ brooklyn/site/community/security/CVE-2017-3165.html Fri Feb 10 17:04:25 2017
@@ -0,0 +1,795 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+
+
+<head>
+
+
+<title>CVE-2017-3165: Cross-site vulnerabilities in Apache Brooklyn - Apache Brooklyn</title>
+
+<meta http-equiv="content-type" content="text/html; charset=utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+
+<link href="https://netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css" rel="stylesheet">
+<link href="/style/deps/octicons/octicons.css" rel="stylesheet">
+<link href="/style/deps/bootstrap-theme.css" rel="stylesheet">
+
+<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
+<script src="https://netdna.bootstrapcdn.com/bootstrap/3.1.1/js/bootstrap.min.js"></script>
+<script type="text/javascript" src="/style/deps/jquery.cookie.js"></script>
+
+
+
+<link rel="stylesheet" href="/style/css/code.css" type="text/css" media="screen" />
+<link href="/style/css/website.css" rel="stylesheet">
+
+
+
+</head>
+
+
+<body>
+
+<nav class="navbar navbar-default navbar-fixed-top" id="header" role="navigation">
+ <div class="container-and-sidebars">
+
+ <div class="container-sidebar-left feather">
+ <a href="http://www.apache.org/">
+ <img src="/style/img/feather.png" alt="[Apache]" width="80" class="flip navbar-feather">
+ </a>
+ </div>
+
+ <div class="container container-between-sidebars top-menu">
+ <div class="container-fluid">
+ <!-- Brand and toggle get grouped for better mobile display -->
+ <div class="navbar-header">
+ <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
+ <span class="sr-only">Toggle navigation</span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ </button>
+ <a class="navbar-brand" href="/"><img src="/style/img/apache-brooklyn-logo-244px-wide.png" alt="brooklyn"></a>
+ </div>
+
+ <!-- Collect the nav links, forms, and other content for toggling -->
+ <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
+ <ul class="nav navbar-nav navbar-right">
+
+
+ <li class="dropdown">
+ <a href="/learnmore/index.html">learn more</a>
+ <ul class="dropdown-menu" role="menu">
+ <li>
+ <a href="/learnmore/index.html">Learn More</a>
+ </li>
+ <li class="divider"></li>
+
+ <li>
+
+ <a href="/learnmore/blueprint-tour.html">Blueprint Tour
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/learnmore/features/index.html">Features
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/learnmore/theory.html">Theory
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/learnmore/catalog/index.html">Browse Catalog
+ </a>
+
+ </li>
+
+ </ul>
+ </li>
+
+
+
+ <li class="">
+ <a href="/download/index.html">download</a>
+ </li>
+
+
+
+ <li class="dropdown">
+ <a href="/v/latest/start/index.html">get started</a>
+ <ul class="dropdown-menu" role="menu">
+ <li>
+ <a href="/v/latest/start/index.html">Get Started</a>
+ </li>
+ <li class="divider"></li>
+
+ <li>
+
+ <a href="/v/latest/start/running.html">Running Apache Brooklyn
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/v/latest/start/blueprints.html">Deploying Blueprints
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/v/latest/start/managing.html">Monitoring and Managing Applications
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/v/latest/start/policies.html">Policies
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/v/latest/start/concept-quickstart.html">Brooklyn Concepts Quickstart
+ </a>
+
+ </li>
+
+ </ul>
+ </li>
+
+
+
+ <li class="dropdown">
+ <a href="/documentation/index.html">documentation</a>
+ <ul class="dropdown-menu" role="menu">
+ <li>
+ <a href="/documentation/index.html">Documentation</a>
+ </li>
+ <li class="divider"></li>
+
+ <li>
+
+ <a href="/v/latest/index.html">User Guide
+ </a>
+
+ <div class="dropdown_section_header"><hr></div>
+
+ </li>
+
+ <li>
+
+ <a href="/v/latest/yaml/creating-yaml.html">YAML Blueprints
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/v/latest/java/index.html">Java Blueprints
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/v/latest/ops/index.html">Operations
+ </a>
+
+ <div class="dropdown_section_header"><hr></div>
+
+ </li>
+
+ <li>
+
+ <a href="/v/latest/dev/index.html">Developer Guide
+ </a>
+
+ </li>
+
+ <li>
+
+ <div class="dropdown_new_section"><hr></div>
+
+ <a href="/meta/versions.html">Versions
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/documentation/other-docs.html">Other Resources
+ </a>
+
+ </li>
+
+ </ul>
+ </li>
+
+
+
+ <li class="dropdown">
+ <a href="/community/index.html">community</a>
+ <ul class="dropdown-menu" role="menu">
+ <li>
+ <a href="/community/index.html">Community</a>
+ </li>
+ <li class="divider"></li>
+
+ <li>
+
+ <a href="/community/mailing-lists.html">Mailing Lists
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/community/irc.html">IRC
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/community/security/index.html">Security Advisories
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="https://issues.apache.org/jira/browse/BROOKLYN">Bug Tracker (JIRA)
+ <span class="octicon octicon-link-external"></span></a>
+
+ </li>
+
+ <li>
+
+ <a href="/community/how-to-contribute-docs.html">Contributing Documentation
+ </a>
+
+ </li>
+
+ </ul>
+ </li>
+
+
+
+ <li class="dropdown">
+ <a href="/developers/index.html">developers</a>
+ <ul class="dropdown-menu" role="menu">
+ <li>
+ <a href="/developers/index.html">Developers</a>
+ </li>
+ <li class="divider"></li>
+
+ <li>
+
+ <a href="/developers/code/index.html">Get the Code
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/developers/how-to-contribute.html">How to Contribute
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/v/latest/dev/index.html">Developer Guide
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/developers/committers/index.html">Committer Guide
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/developers/code-standards.html">Code Standards
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/developers/links.html">Handy Places
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="http://github.com/apache/brooklyn">GitHub
+ <span class="octicon octicon-link-external"></span></a>
+
+ </li>
+
+ <li>
+
+ <a href="https://issues.apache.org/jira/browse/BROOKLYN">Bug Tracker (JIRA)
+ <span class="octicon octicon-link-external"></span></a>
+
+ </li>
+
+ </ul>
+ </li>
+
+
+ </ul>
+ </div><!-- /.navbar-collapse -->
+ </div><!-- /.container-fluid -->
+ </div><!-- /.container -->
+
+ <div class="container-sidebar-right">
+ <div class="navbar-sidebar-right-icons">
+ <a href="https://github.com/apache/brooklyn" class="navbar-icon navbar-icon-shift icon-github"
+ data-toggle="tooltip" data-placement="bottom" title="GitHub: apache/brooklyn"/>
+ <a href="https://twitter.com/#!/search?q=brooklyncentral" class="navbar-icon navbar-icon-shift icon-twitter"
+ data-toggle="tooltip" data-placement="bottom" title="Twitter: @brooklyncentral"/>
+ <a href="http://webchat.freenode.net/?channels=brooklyncentral" class="navbar-icon icon-irc"
+ data-toggle="tooltip" data-placement="bottom" title="IRC: freenode #brooklyncentral"/>
+ <!-- extra a element seems needed as landing page seems to copy the last element here (!?)
+ -->
+ <a href="/" style="width: 0px; height: 0px;"></a>
+ </div>
+ </div>
+
+ </div>
+</nav>
+
+
+<div class="container" id="main_container">
+ <div class="row">
+ <div class="col-md-9" id="content_container">
+ <div id="page_notes"></div>
+ <h1>CVE-2017-3165: Cross-site vulnerabilities in Apache Brooklyn</h1>
+ <h2 id="severity">Severity</h2>
+<p>Major</p>
+
+<h2 id="vendor">Vendor</h2>
+<p>The Apache Software Foundation</p>
+
+<h2 id="versions-affected">Versions Affected</h2>
+<p>Apache Brooklyn 0.9.0 and all prior versions</p>
+
+<h2 id="description">Description</h2>
+<p>Apache Brooklyn’s REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user’s resources. This is due to improper escaping of server-side content. There is known to be a proof-of-concept exploit using this vulnerability.</p>
+
+<h2 id="solution">Solution</h2>
+<p>Upgrade to Apache Brooklyn 0.10.0. This includes commit correctly escaping text and other content provided by a user to prevent untrusted javascript from executing in the browser.</p>
+
+<h2 id="temporary-mitigation-if-you-cannot-upgrade-to-0100">Temporary mitigation if you cannot upgrade to 0.10.0</h2>
+<p>Do not share a Brooklyn server with untrusted users without an enhanced entitlements scheme.</p>
+
+<h2 id="example-exploit">Example exploit</h2>
+<p>Attacking user deploys an entity with a name <code><script>alert(0);</script></code>. Any user browsing that entity will have the <code>alert(0);</code> script executed.</p>
+
+<h2 id="credit">Credit</h2>
+<p>This vulnerability was discovered by Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc., and reported to JPCERT/CC who reported them to the Apache Software Foundation on his behalf.</p>
+
+<h2 id="other-references">Other references</h2>
+<p>JPCERT/CC JVN#55489964</p>
+
+ </div>
+
+ <div class="col-md-3">
+ <div class="list-group side-menu" id="side-menu">
+
+
+
+
+
+
+
+
+
+
+
+
+</div>
+<div id="width_reference"></div>
+
+
+<script language="JavaScript" type="application/javascript">
+
+
+sidemenu_x_sizer=function(){ $('#side-menu').width($('#side-menu').parent().find('#width_reference').outerWidth()); };
+$(sidemenu_x_sizer);
+$(window).resize(sidemenu_x_sizer);
+
+
+sidemenu_y_nonfloater=function(){
+ if ($('#side-menu').outerHeight(true) + $('#header').outerHeight(true) + $('#footer').outerHeight(true) > window.innerHeight ||
+ $('#side-menu').width() >= $('#content_container').width()/2) {
+ $('#side-menu').css('position', 'inherit');
+ } else {
+ // restore if screen has grown
+ $('#side-menu').css('position', 'fixed');
+ }
+};
+$(sidemenu_y_nonfloater);
+$(window).resize(sidemenu_y_nonfloater);
+
+
+
+var sideMenu = $("#side-menu"),
+ sideItems = sideMenu.find("a"),
+ // Anchors corresponding to menu items
+ scrollItems = sideItems.map(function(){
+ var item = $(this).attr("section-target");
+ if (item && item.length) { return item; }
+ });
+
+var highlight_section_last_top = -1;
+var highlight_section_completed = false;
+
+var highlight_section = function() {
+ // Get container scroll position
+ var highlight_section_new_top = $(this).scrollTop();
+ if (highlight_section_new_top == highlight_section_last_top) return;
+ var highlight_section_new_bottom = highlight_section_new_top + $(window).height();
+ var scroll_advancing = (highlight_section_new_top > highlight_section_last_top);
+
+ var last_item = null, active_item = $("#side-menu a.section#active");
+
+ var found_top = false;
+ var displayable_items = scrollItems.map(function(itemI){
+ item = $(scrollItems[itemI]);
+ if (item && item.length) {
+ if (highlight_section_last_top == -1 || !highlight_section_completed) {
+ // just opening page - take item matching hash, or otherwise the first item visible
+ if (item.selector === window.location.hash || (item.offset().top > highlight_section_new_top - 20 && !found_top)) {
+ found_top = true;
+ if (item.selector === window.location.hash && item.offset().top < highlight_section_new_top + 60) {
+ // because of our top header, we need to scroll 64px down from any link
+ $('html, body').animate({scrollTop: item.offset().top - 64}, 0);
+ }
+ return item;
+ }
+ } else if (scroll_advancing) {
+ // if scrolling advance, pick up a section when title starts before 1/3 height
+ if (item.offset().top < highlight_section_new_top + $(window).height()/3)
+ return item;
+
+ // or if containing div is finished (usu the whole main content)
+ div_containing_item = item.closest("div");
+ if (div_containing_item.offset().top + div_containing_item.height() < highlight_section_new_bottom + 15)
+ return item;
+ // or when next title is visible
+ if (last_item && item.offset().top < highlight_section_new_bottom + 15)
+ return last_item;
+ } else {
+ // if scrolling back, pick up a section as soon as the title is visible,
+ if (item.offset().top < highlight_section_new_top)
+ return item;
+ // or if title is before the 2/3 point
+ // (not sure about this, probably want also to have
+ // "AND the id.top is <= displayable_itemsrent_active_it.top" so we don't jump FORWARD a section
+ // when scrolling BACK, with lots of tiny sections)
+ if ((item.offset().top < highlight_section_new_top + 2*$(window).height()/3)
+ && (!active_item || !active_item.offset() || active_item.offset().top >= item.offset().top))
+ return item;
+
+ }
+ last_item = item;
+ }
+ });
+ if (!highlight_section_completed && document.readyState === "complete") {
+ highlight_section_completed = true;
+ }
+ if (!displayable_items.length) {
+ $("#side-menu a.section").removeClass("active");
+ } else {
+ displayable_items = displayable_items[displayable_items.length-1];
+ var id = displayable_items && displayable_items.length ? displayable_items[0].id : "";
+ // Set/remove active class
+ new_active = $("#side-menu a.section").filter("[section-target='#"+id+"']");
+ if (new_active.hasClass("active")) {
+ // nothing needed
+ } else {
+ $("#side-menu a.section").removeClass("active");
+ $("#side-menu a.section").filter("[section-target='#"+id+"']").addClass("active");
+ }
+ }
+
+ highlight_section_last_top = highlight_section_new_top;
+};
+var highlight_new_section = function() {
+ highlight_section_completed = false;
+ highlight_section_last_top = -1;
+ highlight_section();
+}
+
+$(window).scroll(highlight_section);
+$(highlight_new_section);
+
+// detect link change - courtesy http://www.bennadel.com/blog/1520-binding-events-to-non-dom-objects-with-jquery.htm
+ (
+ function( $ ){
+ // Default to the current location.
+ var strLocation = window.location.href;
+ var strHash = window.location.hash;
+ var strPrevLocation = "";
+ var strPrevHash = "";
+
+ // This is how often we will be checkint for
+ // changes on the location.
+ var intIntervalTime = 100;
+
+ // This method removes the pound from the hash.
+ var fnCleanHash = function( strHash ){
+ return(
+ strHash.substring( 1, strHash.length )
+ );
+ }
+
+ // This will be the method that we use to check
+ // changes in the window location.
+ var fnCheckLocation = function(){
+ // Check to see if the location has changed.
+ if (strLocation != window.location.href){
+
+ // Store the new and previous locations.
+ strPrevLocation = strLocation;
+ strPrevHash = strHash;
+ strLocation = window.location.href;
+ strHash = window.location.hash;
+
+ // The location has changed. Trigger a
+ // change event on the location object,
+ // passing in the current and previous
+ // location values.
+ $( window.location ).trigger(
+ "change",
+ {
+ currentHref: strLocation,
+ currentHash: fnCleanHash( strHash ),
+ previousHref: strPrevLocation,
+ previousHash: fnCleanHash( strPrevHash )
+ }
+ );
+
+ }
+ }
+
+ // Set an interval to check the location changes.
+ setInterval( fnCheckLocation, intIntervalTime );
+ }
+ )( jQuery );
+// and trigger highlight section on link change
+$(window.location).bind("change", highlight_new_section);
+
+</script>
+
+ </div>
+ </div>
+</div>
+
+<div id="footer">
+ <div class="container">
+ <div class="row">
+ <div class="col-md-10 text-muted">
+ Apache Brooklyn is distributed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License v2.0</a>.
+ </div>
+ <div class="col-md-2">
+ <a class="btn btn-sm btn-default" href="https://github.com/apache/brooklyn-docs/edit/master/website/community/security/CVE-2017-3165.md">Edit This Page</a>
+ <a href="https://brooklyn.apache.org/community/how-to-contribute-docs.html"
+ data-toggle="tooltip" data-placement="top" title="How to Edit Documentation" data-delay="400"/>
+ <span class="octicon octicon-question octicon-footer"></span>
+ </a>
+ </div>
+ </div>
+ </div>
+</div>
+
+
+
+
+<script language="JavaScript" type="application/javascript">
+
+ fix_padding_function = function () {
+ $('body').css('padding-top', parseInt($('#header').css("height"))+10);
+ $('body').css('padding-bottom', parseInt($('#footer').css("height"))+10);
+ };
+ $(window).resize(fix_padding_function);
+ $(window).load(fix_padding_function);
+
+ $(function () {
+ $('[data-toggle="tooltip"]').tooltip({ delay: { show: 600, hide: 100 }})
+ });
+
+/* generate anchors for headers, a la github and http://blog.parkermoore.de/2014/08/01/header-anchor-links-in-vanilla-javascript-for-github-pages-and-jekyll/ */
+var anchorForId = function (id, text) {
+ var anchor = document.createElement("a");
+ anchor.className = "header-link";
+ anchor.href = "#" + id;
+ anchor.innerHTML = "<i class=\"fa fa-link\"></i>";
+ return anchor;
+};
+
+var linkifyAnchors = function (level, containingElement) {
+ var headers = contentBlock.find("h" + level);
+ for (var h = 0; h < headers.length; h++) {
+ var header = headers[h];
+ if (typeof header.id !== "undefined" && header.id !== "") {
+ header.appendChild(anchorForId(header.id, $(header).text()));
+ }
+ }
+};
+
+$(function () {
+ contentBlock = $("#content_container");
+ if (!contentBlock) return;
+ for (var level = 1; level <= 6; level++) {
+ linkifyAnchors(level, contentBlock);
+ }
+});
+
+<!-- Copying and clipboard support -->
+
+// first make the $% line starts not selectable
+
+$(function() {
+ $('div.highlight').attr('oncopy', 'handleHideCopy(this)');
+ $('div.highlight').each(function(index,target) {
+ if ($(target).find('code.bash')) {
+ // Mark bash prompts from the start of each line (i.e. '$' or '%' characters
+ // at the very start, or immediately following any newline) as not-selectable.
+ // Handle continuation lines where a leading '$' or '%' is *not* a prompt character.
+ // (If example wants to exclude output, it can manually use class="nocopy".)
+ target.innerHTML = target.innerHTML.replace(/(^\s*|[^\\]\n)(<.*>)?([$%]|>) /g, '$1$2<span class="nocopy bash_prompt">$3 </span>');
+ }
+ });
+});
+
+// normal cmd-C (non-icon) copying
+
+function handleHideCopy(el) {
+// var origHtml = $(el).clone();
+ console.log("handling copy", el);
+ $(el).addClass('copying');
+ $(el).find('.nocopy').hide();
+ $(el).find('.clipboard_button').addClass('manual-clipboard-is-active');
+ setTimeout(function(){
+ $(el).removeClass('copying');
+ $(el).find('.clipboard_button').removeClass('manual-clipboard-is-active');
+ $(el).find('.nocopy').show();
+// $(el).html(origHtml);
+ }, 600);
+}
+
+// and icon (flash) copying
+
+</script>
+
+<script src="/style/js/zeroclipboard/ZeroClipboard.min.js"></script>
+
+<script language="JavaScript" type="application/javascript">
+
+ZeroClipboard.config({ moviePath: '/style/js/zeroclipboard/ZeroClipboard.swf' });
+
+$(function() {
+ $('div.highlight').prepend(
+ $('<div class="clipboard_container" title="Copy to Clipboard">'+
+ '<div class="fa clipboard_button">'+
+ '<div class="on-active"><div>Copied to Clipboard</div></div>'+
+ '</div></div>'));
+ $('div.clipboard_container').each(function(index) {
+ var clipboard = new ZeroClipboard();
+ clipboard.clip( $(this).find(":first")[0], $(this)[0] );
+ var target0 = $(this).next();
+ var target = target0.clone();
+ target.find('.nocopy').remove();
+ var txt = target.text();
+ clipboard.on( 'dataRequested', function (client, args) {
+ handleHideCopy( target0.closest('div.highlight') ); //not necessary but nicer feedback
+ client.setText( txt );
+ });
+ });
+});
+
+
+<!-- search -->
+ $(function() {
+ $('#simple_google')
+ .submit(function() {
+ $('input[name="q"]').val("site:" + document.location.hostname + " " + $('input[name="brooklyn-search"]').val());
+ return true;
+ });
+ $('input[name="brooklyn-search"]').focus(function() {
+ if ($(this).val() === $(this).attr('placeholder')) {
+ $(this).val('');
+ }
+ })
+ .blur(function() {
+ if ($(this).val() === '') {
+ $(this).val($(this).attr('placeholder'));
+ }
+ })
+ .blur();
+ });
+
+
+ <!-- analytics -->
+ var _gaq = _gaq || [];
+ _gaq.push(['_setAccount', 'UA-30530918-1']);
+ _gaq.push(['_trackPageview']);
+
+ (function() {
+ var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
+ ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
+ var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
+ })();
+
+
+<!-- page warning (for archive pages) -->
+
+
+ function get_user_versions() {
+ return $.cookie("brooklyn_versions") ? $.cookie("brooklyn_versions").split(",") : [];
+ };
+ function set_user_version(version) {
+ var version_cookie = get_user_versions();
+ version_cookie.push(version);
+ $.cookie('brooklyn_versions', version_cookie, { expires: 365, path: '/' });
+ $('#page_notes').fadeOut();
+ event.preventDefault ? event.preventDefault() : event.returnValue = false;
+ };
+ function set_user_versions_all() {
+ var version_cookie = get_user_versions();
+ version_cookie.push("ALL");
+ $.cookie('brooklyn_versions', version_cookie, { expires: 365, path: '/' });
+ $('#page_notes').fadeOut();
+ event.preventDefault ? event.preventDefault() : event.returnValue = false;
+ };
+ function clear_user_versions() {
+ $.removeCookie('brooklyn_versions', { path: '/' });
+ $('#page_notes').fadeIn('slow');
+ event.preventDefault ? event.preventDefault() : event.returnValue = false;
+ };
+
+</script>
+
+</body>
+
+</html>
Added: brooklyn/site/community/security/index.html
URL: http://svn.apache.org/viewvc/brooklyn/site/community/security/index.html?rev=1782490&view=auto
==============================================================================
--- brooklyn/site/community/security/index.html (added)
+++ brooklyn/site/community/security/index.html Fri Feb 10 17:04:25 2017
@@ -0,0 +1,814 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+
+
+<head>
+
+
+<title>Security Advisories - Apache Brooklyn</title>
+
+<meta http-equiv="content-type" content="text/html; charset=utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+
+<link href="https://netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css" rel="stylesheet">
+<link href="/style/deps/octicons/octicons.css" rel="stylesheet">
+<link href="/style/deps/bootstrap-theme.css" rel="stylesheet">
+
+<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
+<script src="https://netdna.bootstrapcdn.com/bootstrap/3.1.1/js/bootstrap.min.js"></script>
+<script type="text/javascript" src="/style/deps/jquery.cookie.js"></script>
+
+
+
+<link rel="stylesheet" href="/style/css/code.css" type="text/css" media="screen" />
+<link href="/style/css/website.css" rel="stylesheet">
+
+
+
+</head>
+
+
+<body>
+
+<nav class="navbar navbar-default navbar-fixed-top" id="header" role="navigation">
+ <div class="container-and-sidebars">
+
+ <div class="container-sidebar-left feather">
+ <a href="http://www.apache.org/">
+ <img src="/style/img/feather.png" alt="[Apache]" width="80" class="flip navbar-feather">
+ </a>
+ </div>
+
+ <div class="container container-between-sidebars top-menu">
+ <div class="container-fluid">
+ <!-- Brand and toggle get grouped for better mobile display -->
+ <div class="navbar-header">
+ <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
+ <span class="sr-only">Toggle navigation</span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ </button>
+ <a class="navbar-brand" href="/"><img src="/style/img/apache-brooklyn-logo-244px-wide.png" alt="brooklyn"></a>
+ </div>
+
+ <!-- Collect the nav links, forms, and other content for toggling -->
+ <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
+ <ul class="nav navbar-nav navbar-right">
+
+
+ <li class="dropdown">
+ <a href="/learnmore/index.html">learn more</a>
+ <ul class="dropdown-menu" role="menu">
+ <li>
+ <a href="/learnmore/index.html">Learn More</a>
+ </li>
+ <li class="divider"></li>
+
+ <li>
+
+ <a href="/learnmore/blueprint-tour.html">Blueprint Tour
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/learnmore/features/index.html">Features
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/learnmore/theory.html">Theory
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/learnmore/catalog/index.html">Browse Catalog
+ </a>
+
+ </li>
+
+ </ul>
+ </li>
+
+
+
+ <li class="">
+ <a href="/download/index.html">download</a>
+ </li>
+
+
+
+ <li class="dropdown">
+ <a href="/v/latest/start/index.html">get started</a>
+ <ul class="dropdown-menu" role="menu">
+ <li>
+ <a href="/v/latest/start/index.html">Get Started</a>
+ </li>
+ <li class="divider"></li>
+
+ <li>
+
+ <a href="/v/latest/start/running.html">Running Apache Brooklyn
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/v/latest/start/blueprints.html">Deploying Blueprints
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/v/latest/start/managing.html">Monitoring and Managing Applications
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/v/latest/start/policies.html">Policies
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/v/latest/start/concept-quickstart.html">Brooklyn Concepts Quickstart
+ </a>
+
+ </li>
+
+ </ul>
+ </li>
+
+
+
+ <li class="dropdown">
+ <a href="/documentation/index.html">documentation</a>
+ <ul class="dropdown-menu" role="menu">
+ <li>
+ <a href="/documentation/index.html">Documentation</a>
+ </li>
+ <li class="divider"></li>
+
+ <li>
+
+ <a href="/v/latest/index.html">User Guide
+ </a>
+
+ <div class="dropdown_section_header"><hr></div>
+
+ </li>
+
+ <li>
+
+ <a href="/v/latest/yaml/creating-yaml.html">YAML Blueprints
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/v/latest/java/index.html">Java Blueprints
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/v/latest/ops/index.html">Operations
+ </a>
+
+ <div class="dropdown_section_header"><hr></div>
+
+ </li>
+
+ <li>
+
+ <a href="/v/latest/dev/index.html">Developer Guide
+ </a>
+
+ </li>
+
+ <li>
+
+ <div class="dropdown_new_section"><hr></div>
+
+ <a href="/meta/versions.html">Versions
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/documentation/other-docs.html">Other Resources
+ </a>
+
+ </li>
+
+ </ul>
+ </li>
+
+
+
+ <li class="dropdown active">
+ <a href="/community/index.html">community</a>
+ <ul class="dropdown-menu" role="menu">
+ <li>
+ <a href="/community/index.html">Community</a>
+ </li>
+ <li class="divider"></li>
+
+ <li>
+
+ <a href="/community/mailing-lists.html">Mailing Lists
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/community/irc.html">IRC
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/community/security/index.html">Security Advisories
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="https://issues.apache.org/jira/browse/BROOKLYN">Bug Tracker (JIRA)
+ <span class="octicon octicon-link-external"></span></a>
+
+ </li>
+
+ <li>
+
+ <a href="/community/how-to-contribute-docs.html">Contributing Documentation
+ </a>
+
+ </li>
+
+ </ul>
+ </li>
+
+
+
+ <li class="dropdown">
+ <a href="/developers/index.html">developers</a>
+ <ul class="dropdown-menu" role="menu">
+ <li>
+ <a href="/developers/index.html">Developers</a>
+ </li>
+ <li class="divider"></li>
+
+ <li>
+
+ <a href="/developers/code/index.html">Get the Code
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/developers/how-to-contribute.html">How to Contribute
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/v/latest/dev/index.html">Developer Guide
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/developers/committers/index.html">Committer Guide
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/developers/code-standards.html">Code Standards
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="/developers/links.html">Handy Places
+ </a>
+
+ </li>
+
+ <li>
+
+ <a href="http://github.com/apache/brooklyn">GitHub
+ <span class="octicon octicon-link-external"></span></a>
+
+ </li>
+
+ <li>
+
+ <a href="https://issues.apache.org/jira/browse/BROOKLYN">Bug Tracker (JIRA)
+ <span class="octicon octicon-link-external"></span></a>
+
+ </li>
+
+ </ul>
+ </li>
+
+
+ </ul>
+ </div><!-- /.navbar-collapse -->
+ </div><!-- /.container-fluid -->
+ </div><!-- /.container -->
+
+ <div class="container-sidebar-right">
+ <div class="navbar-sidebar-right-icons">
+ <a href="https://github.com/apache/brooklyn" class="navbar-icon navbar-icon-shift icon-github"
+ data-toggle="tooltip" data-placement="bottom" title="GitHub: apache/brooklyn"/>
+ <a href="https://twitter.com/#!/search?q=brooklyncentral" class="navbar-icon navbar-icon-shift icon-twitter"
+ data-toggle="tooltip" data-placement="bottom" title="Twitter: @brooklyncentral"/>
+ <a href="http://webchat.freenode.net/?channels=brooklyncentral" class="navbar-icon icon-irc"
+ data-toggle="tooltip" data-placement="bottom" title="IRC: freenode #brooklyncentral"/>
+ <!-- extra a element seems needed as landing page seems to copy the last element here (!?)
+ -->
+ <a href="/" style="width: 0px; height: 0px;"></a>
+ </div>
+ </div>
+
+ </div>
+</nav>
+
+
+<div class="container" id="main_container">
+ <div class="row">
+ <div class="col-md-9" id="content_container">
+ <div id="page_notes"></div>
+ <h1>Security Advisories</h1>
+ <p><a href="CVE-2017-3165.html">CVE-2017-3165: Cross-site vulnerabilities in Apache Brooklyn</a></p>
+
+<p><a href="CVE-2016-8737.html">CVE-2016-8737: Cross-site request forgery vulnerability in Apache Brooklyn</a></p>
+
+<p><a href="CVE-2016-8744.html">CVE-2016-8744: Apache Brooklyn, SnakeYAML configuration potentially allows remote code execution</a></p>
+
+ </div>
+
+ <div class="col-md-3">
+ <div class="list-group side-menu" id="side-menu">
+
+
+
+
+
+
+ <h4 class="">
+ <a href="/community/index.html" class="list-group-item breadcrumb breadcrumb0">
+ Community
+ </a></h4>
+
+
+
+
+
+ <a href="/community/mailing-lists.html" class="list-group-item">Mailing Lists
+ </a>
+
+
+
+
+
+ <a href="/community/irc.html" class="list-group-item">IRC
+ </a>
+
+
+
+
+
+ <a href="/community/security/index.html" class="list-group-item active">Security Advisories
+ </a>
+
+
+
+
+
+ <a href="https://issues.apache.org/jira/browse/BROOKLYN" class="list-group-item">Bug Tracker (JIRA)
+ <span class="octicon octicon-link-external"></span></a>
+
+
+
+
+
+ <a href="/community/how-to-contribute-docs.html" class="list-group-item">Contributing Documentation
+ </a>
+
+
+
+
+
+
+
+</div>
+<div id="width_reference"></div>
+
+
+<script language="JavaScript" type="application/javascript">
+
+
+sidemenu_x_sizer=function(){ $('#side-menu').width($('#side-menu').parent().find('#width_reference').outerWidth()); };
+$(sidemenu_x_sizer);
+$(window).resize(sidemenu_x_sizer);
+
+
+sidemenu_y_nonfloater=function(){
+ if ($('#side-menu').outerHeight(true) + $('#header').outerHeight(true) + $('#footer').outerHeight(true) > window.innerHeight ||
+ $('#side-menu').width() >= $('#content_container').width()/2) {
+ $('#side-menu').css('position', 'inherit');
+ } else {
+ // restore if screen has grown
+ $('#side-menu').css('position', 'fixed');
+ }
+};
+$(sidemenu_y_nonfloater);
+$(window).resize(sidemenu_y_nonfloater);
+
+
+
+var sideMenu = $("#side-menu"),
+ sideItems = sideMenu.find("a"),
+ // Anchors corresponding to menu items
+ scrollItems = sideItems.map(function(){
+ var item = $(this).attr("section-target");
+ if (item && item.length) { return item; }
+ });
+
+var highlight_section_last_top = -1;
+var highlight_section_completed = false;
+
+var highlight_section = function() {
+ // Get container scroll position
+ var highlight_section_new_top = $(this).scrollTop();
+ if (highlight_section_new_top == highlight_section_last_top) return;
+ var highlight_section_new_bottom = highlight_section_new_top + $(window).height();
+ var scroll_advancing = (highlight_section_new_top > highlight_section_last_top);
+
+ var last_item = null, active_item = $("#side-menu a.section#active");
+
+ var found_top = false;
+ var displayable_items = scrollItems.map(function(itemI){
+ item = $(scrollItems[itemI]);
+ if (item && item.length) {
+ if (highlight_section_last_top == -1 || !highlight_section_completed) {
+ // just opening page - take item matching hash, or otherwise the first item visible
+ if (item.selector === window.location.hash || (item.offset().top > highlight_section_new_top - 20 && !found_top)) {
+ found_top = true;
+ if (item.selector === window.location.hash && item.offset().top < highlight_section_new_top + 60) {
+ // because of our top header, we need to scroll 64px down from any link
+ $('html, body').animate({scrollTop: item.offset().top - 64}, 0);
+ }
+ return item;
+ }
+ } else if (scroll_advancing) {
+ // if scrolling advance, pick up a section when title starts before 1/3 height
+ if (item.offset().top < highlight_section_new_top + $(window).height()/3)
+ return item;
+
+ // or if containing div is finished (usu the whole main content)
+ div_containing_item = item.closest("div");
+ if (div_containing_item.offset().top + div_containing_item.height() < highlight_section_new_bottom + 15)
+ return item;
+ // or when next title is visible
+ if (last_item && item.offset().top < highlight_section_new_bottom + 15)
+ return last_item;
+ } else {
+ // if scrolling back, pick up a section as soon as the title is visible,
+ if (item.offset().top < highlight_section_new_top)
+ return item;
+ // or if title is before the 2/3 point
+ // (not sure about this, probably want also to have
+ // "AND the id.top is <= displayable_itemsrent_active_it.top" so we don't jump FORWARD a section
+ // when scrolling BACK, with lots of tiny sections)
+ if ((item.offset().top < highlight_section_new_top + 2*$(window).height()/3)
+ && (!active_item || !active_item.offset() || active_item.offset().top >= item.offset().top))
+ return item;
+
+ }
+ last_item = item;
+ }
+ });
+ if (!highlight_section_completed && document.readyState === "complete") {
+ highlight_section_completed = true;
+ }
+ if (!displayable_items.length) {
+ $("#side-menu a.section").removeClass("active");
+ } else {
+ displayable_items = displayable_items[displayable_items.length-1];
+ var id = displayable_items && displayable_items.length ? displayable_items[0].id : "";
+ // Set/remove active class
+ new_active = $("#side-menu a.section").filter("[section-target='#"+id+"']");
+ if (new_active.hasClass("active")) {
+ // nothing needed
+ } else {
+ $("#side-menu a.section").removeClass("active");
+ $("#side-menu a.section").filter("[section-target='#"+id+"']").addClass("active");
+ }
+ }
+
+ highlight_section_last_top = highlight_section_new_top;
+};
+var highlight_new_section = function() {
+ highlight_section_completed = false;
+ highlight_section_last_top = -1;
+ highlight_section();
+}
+
+$(window).scroll(highlight_section);
+$(highlight_new_section);
+
+// detect link change - courtesy http://www.bennadel.com/blog/1520-binding-events-to-non-dom-objects-with-jquery.htm
+ (
+ function( $ ){
+ // Default to the current location.
+ var strLocation = window.location.href;
+ var strHash = window.location.hash;
+ var strPrevLocation = "";
+ var strPrevHash = "";
+
+ // This is how often we will be checkint for
+ // changes on the location.
+ var intIntervalTime = 100;
+
+ // This method removes the pound from the hash.
+ var fnCleanHash = function( strHash ){
+ return(
+ strHash.substring( 1, strHash.length )
+ );
+ }
+
+ // This will be the method that we use to check
+ // changes in the window location.
+ var fnCheckLocation = function(){
+ // Check to see if the location has changed.
+ if (strLocation != window.location.href){
+
+ // Store the new and previous locations.
+ strPrevLocation = strLocation;
+ strPrevHash = strHash;
+ strLocation = window.location.href;
+ strHash = window.location.hash;
+
+ // The location has changed. Trigger a
+ // change event on the location object,
+ // passing in the current and previous
+ // location values.
+ $( window.location ).trigger(
+ "change",
+ {
+ currentHref: strLocation,
+ currentHash: fnCleanHash( strHash ),
+ previousHref: strPrevLocation,
+ previousHash: fnCleanHash( strPrevHash )
+ }
+ );
+
+ }
+ }
+
+ // Set an interval to check the location changes.
+ setInterval( fnCheckLocation, intIntervalTime );
+ }
+ )( jQuery );
+// and trigger highlight section on link change
+$(window.location).bind("change", highlight_new_section);
+
+</script>
+
+ </div>
+ </div>
+</div>
+
+<div id="footer">
+ <div class="container">
+ <div class="row">
+ <div class="col-md-10 text-muted">
+ Apache Brooklyn is distributed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License v2.0</a>.
+ </div>
+ <div class="col-md-2">
+ <a class="btn btn-sm btn-default" href="https://github.com/apache/brooklyn-docs/edit/master/website/community/security/index.md">Edit This Page</a>
+ <a href="https://brooklyn.apache.org/community/how-to-contribute-docs.html"
+ data-toggle="tooltip" data-placement="top" title="How to Edit Documentation" data-delay="400"/>
+ <span class="octicon octicon-question octicon-footer"></span>
+ </a>
+ </div>
+ </div>
+ </div>
+</div>
+
+
+
+
+<script language="JavaScript" type="application/javascript">
+
+ fix_padding_function = function () {
+ $('body').css('padding-top', parseInt($('#header').css("height"))+10);
+ $('body').css('padding-bottom', parseInt($('#footer').css("height"))+10);
+ };
+ $(window).resize(fix_padding_function);
+ $(window).load(fix_padding_function);
+
+ $(function () {
+ $('[data-toggle="tooltip"]').tooltip({ delay: { show: 600, hide: 100 }})
+ });
+
+/* generate anchors for headers, a la github and http://blog.parkermoore.de/2014/08/01/header-anchor-links-in-vanilla-javascript-for-github-pages-and-jekyll/ */
+var anchorForId = function (id, text) {
+ var anchor = document.createElement("a");
+ anchor.className = "header-link";
+ anchor.href = "#" + id;
+ anchor.innerHTML = "<i class=\"fa fa-link\"></i>";
+ return anchor;
+};
+
+var linkifyAnchors = function (level, containingElement) {
+ var headers = contentBlock.find("h" + level);
+ for (var h = 0; h < headers.length; h++) {
+ var header = headers[h];
+ if (typeof header.id !== "undefined" && header.id !== "") {
+ header.appendChild(anchorForId(header.id, $(header).text()));
+ }
+ }
+};
+
+$(function () {
+ contentBlock = $("#content_container");
+ if (!contentBlock) return;
+ for (var level = 1; level <= 6; level++) {
+ linkifyAnchors(level, contentBlock);
+ }
+});
+
+<!-- Copying and clipboard support -->
+
+// first make the $% line starts not selectable
+
+$(function() {
+ $('div.highlight').attr('oncopy', 'handleHideCopy(this)');
+ $('div.highlight').each(function(index,target) {
+ if ($(target).find('code.bash')) {
+ // Mark bash prompts from the start of each line (i.e. '$' or '%' characters
+ // at the very start, or immediately following any newline) as not-selectable.
+ // Handle continuation lines where a leading '$' or '%' is *not* a prompt character.
+ // (If example wants to exclude output, it can manually use class="nocopy".)
+ target.innerHTML = target.innerHTML.replace(/(^\s*|[^\\]\n)(<.*>)?([$%]|>) /g, '$1$2<span class="nocopy bash_prompt">$3 </span>');
+ }
+ });
+});
+
+// normal cmd-C (non-icon) copying
+
+function handleHideCopy(el) {
+// var origHtml = $(el).clone();
+ console.log("handling copy", el);
+ $(el).addClass('copying');
+ $(el).find('.nocopy').hide();
+ $(el).find('.clipboard_button').addClass('manual-clipboard-is-active');
+ setTimeout(function(){
+ $(el).removeClass('copying');
+ $(el).find('.clipboard_button').removeClass('manual-clipboard-is-active');
+ $(el).find('.nocopy').show();
+// $(el).html(origHtml);
+ }, 600);
+}
+
+// and icon (flash) copying
+
+</script>
+
+<script src="/style/js/zeroclipboard/ZeroClipboard.min.js"></script>
+
+<script language="JavaScript" type="application/javascript">
+
+ZeroClipboard.config({ moviePath: '/style/js/zeroclipboard/ZeroClipboard.swf' });
+
+$(function() {
+ $('div.highlight').prepend(
+ $('<div class="clipboard_container" title="Copy to Clipboard">'+
+ '<div class="fa clipboard_button">'+
+ '<div class="on-active"><div>Copied to Clipboard</div></div>'+
+ '</div></div>'));
+ $('div.clipboard_container').each(function(index) {
+ var clipboard = new ZeroClipboard();
+ clipboard.clip( $(this).find(":first")[0], $(this)[0] );
+ var target0 = $(this).next();
+ var target = target0.clone();
+ target.find('.nocopy').remove();
+ var txt = target.text();
+ clipboard.on( 'dataRequested', function (client, args) {
+ handleHideCopy( target0.closest('div.highlight') ); //not necessary but nicer feedback
+ client.setText( txt );
+ });
+ });
+});
+
+
+<!-- search -->
+ $(function() {
+ $('#simple_google')
+ .submit(function() {
+ $('input[name="q"]').val("site:" + document.location.hostname + " " + $('input[name="brooklyn-search"]').val());
+ return true;
+ });
+ $('input[name="brooklyn-search"]').focus(function() {
+ if ($(this).val() === $(this).attr('placeholder')) {
+ $(this).val('');
+ }
+ })
+ .blur(function() {
+ if ($(this).val() === '') {
+ $(this).val($(this).attr('placeholder'));
+ }
+ })
+ .blur();
+ });
+
+
+ <!-- analytics -->
+ var _gaq = _gaq || [];
+ _gaq.push(['_setAccount', 'UA-30530918-1']);
+ _gaq.push(['_trackPageview']);
+
+ (function() {
+ var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
+ ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
+ var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
+ })();
+
+
+<!-- page warning (for archive pages) -->
+
+
+ function get_user_versions() {
+ return $.cookie("brooklyn_versions") ? $.cookie("brooklyn_versions").split(",") : [];
+ };
+ function set_user_version(version) {
+ var version_cookie = get_user_versions();
+ version_cookie.push(version);
+ $.cookie('brooklyn_versions', version_cookie, { expires: 365, path: '/' });
+ $('#page_notes').fadeOut();
+ event.preventDefault ? event.preventDefault() : event.returnValue = false;
+ };
+ function set_user_versions_all() {
+ var version_cookie = get_user_versions();
+ version_cookie.push("ALL");
+ $.cookie('brooklyn_versions', version_cookie, { expires: 365, path: '/' });
+ $('#page_notes').fadeOut();
+ event.preventDefault ? event.preventDefault() : event.returnValue = false;
+ };
+ function clear_user_versions() {
+ $.removeCookie('brooklyn_versions', { path: '/' });
+ $('#page_notes').fadeIn('slow');
+ event.preventDefault ? event.preventDefault() : event.returnValue = false;
+ };
+
+</script>
+
+</body>
+
+</html>
Modified: brooklyn/site/contributing/index.html
URL: http://svn.apache.org/viewvc/brooklyn/site/contributing/index.html?rev=1782490&r1=1782489&r2=1782490&view=diff
==============================================================================
--- brooklyn/site/contributing/index.html (original)
+++ brooklyn/site/contributing/index.html Fri Feb 10 17:04:25 2017
@@ -263,6 +263,13 @@ under the License.
<li>
+ <a href="/community/security/index.html">Security Advisories
+ </a>
+
+ </li>
+
+ <li>
+
<a href="https://issues.apache.org/jira/browse/BROOKLYN">Bug Tracker (JIRA)
<span class="octicon octicon-link-external"></span></a>
Modified: brooklyn/site/developers/code-standards.html
URL: http://svn.apache.org/viewvc/brooklyn/site/developers/code-standards.html?rev=1782490&r1=1782489&r2=1782490&view=diff
==============================================================================
--- brooklyn/site/developers/code-standards.html (original)
+++ brooklyn/site/developers/code-standards.html Fri Feb 10 17:04:25 2017
@@ -263,6 +263,13 @@ under the License.
<li>
+ <a href="/community/security/index.html">Security Advisories
+ </a>
+
+ </li>
+
+ <li>
+
<a href="https://issues.apache.org/jira/browse/BROOKLYN">Bug Tracker (JIRA)
<span class="octicon octicon-link-external"></span></a>
Modified: brooklyn/site/developers/code/git-more.html
URL: http://svn.apache.org/viewvc/brooklyn/site/developers/code/git-more.html?rev=1782490&r1=1782489&r2=1782490&view=diff
==============================================================================
--- brooklyn/site/developers/code/git-more.html (original)
+++ brooklyn/site/developers/code/git-more.html Fri Feb 10 17:04:25 2017
@@ -263,6 +263,13 @@ under the License.
<li>
+ <a href="/community/security/index.html">Security Advisories
+ </a>
+
+ </li>
+
+ <li>
+
<a href="https://issues.apache.org/jira/browse/BROOKLYN">Bug Tracker (JIRA)
<span class="octicon octicon-link-external"></span></a>
Modified: brooklyn/site/developers/code/index.html
URL: http://svn.apache.org/viewvc/brooklyn/site/developers/code/index.html?rev=1782490&r1=1782489&r2=1782490&view=diff
==============================================================================
--- brooklyn/site/developers/code/index.html (original)
+++ brooklyn/site/developers/code/index.html Fri Feb 10 17:04:25 2017
@@ -263,6 +263,13 @@ under the License.
<li>
+ <a href="/community/security/index.html">Security Advisories
+ </a>
+
+ </li>
+
+ <li>
+
<a href="https://issues.apache.org/jira/browse/BROOKLYN">Bug Tracker (JIRA)
<span class="octicon octicon-link-external"></span></a>
Modified: brooklyn/site/developers/committers/index.html
URL: http://svn.apache.org/viewvc/brooklyn/site/developers/committers/index.html?rev=1782490&r1=1782489&r2=1782490&view=diff
==============================================================================
--- brooklyn/site/developers/committers/index.html (original)
+++ brooklyn/site/developers/committers/index.html Fri Feb 10 17:04:25 2017
@@ -263,6 +263,13 @@ under the License.
<li>
+ <a href="/community/security/index.html">Security Advisories
+ </a>
+
+ </li>
+
+ <li>
+
<a href="https://issues.apache.org/jira/browse/BROOKLYN">Bug Tracker (JIRA)
<span class="octicon octicon-link-external"></span></a>
Modified: brooklyn/site/developers/committers/merging-contributed-code.html
URL: http://svn.apache.org/viewvc/brooklyn/site/developers/committers/merging-contributed-code.html?rev=1782490&r1=1782489&r2=1782490&view=diff
==============================================================================
--- brooklyn/site/developers/committers/merging-contributed-code.html (original)
+++ brooklyn/site/developers/committers/merging-contributed-code.html Fri Feb 10 17:04:25 2017
@@ -263,6 +263,13 @@ under the License.
<li>
+ <a href="/community/security/index.html">Security Advisories
+ </a>
+
+ </li>
+
+ <li>
+
<a href="https://issues.apache.org/jira/browse/BROOKLYN">Bug Tracker (JIRA)
<span class="octicon octicon-link-external"></span></a>
Modified: brooklyn/site/developers/committers/release-process/announce.html
URL: http://svn.apache.org/viewvc/brooklyn/site/developers/committers/release-process/announce.html?rev=1782490&r1=1782489&r2=1782490&view=diff
==============================================================================
--- brooklyn/site/developers/committers/release-process/announce.html (original)
+++ brooklyn/site/developers/committers/release-process/announce.html Fri Feb 10 17:04:25 2017
@@ -263,6 +263,13 @@ under the License.
<li>
+ <a href="/community/security/index.html">Security Advisories
+ </a>
+
+ </li>
+
+ <li>
+
<a href="https://issues.apache.org/jira/browse/BROOKLYN">Bug Tracker (JIRA)
<span class="octicon octicon-link-external"></span></a>
Modified: brooklyn/site/developers/committers/release-process/environment-variables.html
URL: http://svn.apache.org/viewvc/brooklyn/site/developers/committers/release-process/environment-variables.html?rev=1782490&r1=1782489&r2=1782490&view=diff
==============================================================================
--- brooklyn/site/developers/committers/release-process/environment-variables.html (original)
+++ brooklyn/site/developers/committers/release-process/environment-variables.html Fri Feb 10 17:04:25 2017
@@ -263,6 +263,13 @@ under the License.
<li>
+ <a href="/community/security/index.html">Security Advisories
+ </a>
+
+ </li>
+
+ <li>
+
<a href="https://issues.apache.org/jira/browse/BROOKLYN">Bug Tracker (JIRA)
<span class="octicon octicon-link-external"></span></a>
Modified: brooklyn/site/developers/committers/release-process/fix-release.html
URL: http://svn.apache.org/viewvc/brooklyn/site/developers/committers/release-process/fix-release.html?rev=1782490&r1=1782489&r2=1782490&view=diff
==============================================================================
--- brooklyn/site/developers/committers/release-process/fix-release.html (original)
+++ brooklyn/site/developers/committers/release-process/fix-release.html Fri Feb 10 17:04:25 2017
@@ -263,6 +263,13 @@ under the License.
<li>
+ <a href="/community/security/index.html">Security Advisories
+ </a>
+
+ </li>
+
+ <li>
+
<a href="https://issues.apache.org/jira/browse/BROOKLYN">Bug Tracker (JIRA)
<span class="octicon octicon-link-external"></span></a>
Modified: brooklyn/site/developers/committers/release-process/index.html
URL: http://svn.apache.org/viewvc/brooklyn/site/developers/committers/release-process/index.html?rev=1782490&r1=1782489&r2=1782490&view=diff
==============================================================================
--- brooklyn/site/developers/committers/release-process/index.html (original)
+++ brooklyn/site/developers/committers/release-process/index.html Fri Feb 10 17:04:25 2017
@@ -263,6 +263,13 @@ under the License.
<li>
+ <a href="/community/security/index.html">Security Advisories
+ </a>
+
+ </li>
+
+ <li>
+
<a href="https://issues.apache.org/jira/browse/BROOKLYN">Bug Tracker (JIRA)
<span class="octicon octicon-link-external"></span></a>
@@ -377,6 +384,7 @@ under the License.
<div id="page_notes"></div>
<h1>Release Process</h1>
<ol>
+ <li><a href="prepare-for-release.html">Preparing for a release</a> - How to prepare the project for a release</li>
<li><a href="prerequisites.html">Prerequisites</a> - steps that a new release manager must do (but which only need to be done once)</li>
<li><a href="environment-variables.html">Set environment variables</a> - many example snippets here use environment variables to
avoid repetition - this page describes what they are</li>
@@ -384,11 +392,8 @@ avoid repetition - this page describes w
<li><a href="make-release-artifacts.html">Make the release artifacts</a></li>
<li><a href="verify-release-artifacts.html">Verify the release artifacts</a></li>
<li><a href="publish-temp.html">Publish the release artifacts to the staging area</a></li>
- <li><a href="vote.html">Vote on the dev@brooklyn list</a>
- <ol>
- <li>If the vote fails - <a href="fix-release.html">fix the release branch</a> and resume from step 3</li>
- </ol>
- </li>
+ <li><a href="vote.html">Vote on the dev@brooklyn list</a></li>
+ <li>If the vote fails - <a href="fix-release.html">fix the release branch</a> and resume from step 4</li>
<li><a href="publish.html">Publish the release artifacts to the public location</a></li>
<li><a href="announce.html">Announce the release</a></li>
</ol>
Modified: brooklyn/site/developers/committers/release-process/make-release-artifacts.html
URL: http://svn.apache.org/viewvc/brooklyn/site/developers/committers/release-process/make-release-artifacts.html?rev=1782490&r1=1782489&r2=1782490&view=diff
==============================================================================
--- brooklyn/site/developers/committers/release-process/make-release-artifacts.html (original)
+++ brooklyn/site/developers/committers/release-process/make-release-artifacts.html Fri Feb 10 17:04:25 2017
@@ -263,6 +263,13 @@ under the License.
<li>
+ <a href="/community/security/index.html">Security Advisories
+ </a>
+
+ </li>
+
+ <li>
+
<a href="https://issues.apache.org/jira/browse/BROOKLYN">Bug Tracker (JIRA)
<span class="octicon octicon-link-external"></span></a>