You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@solr.apache.org by ho...@apache.org on 2022/10/31 20:42:40 UTC

[solr-site] branch vuln-scans created (now 322d09574)

This is an automated email from the ASF dual-hosted git repository.

houston pushed a change to branch vuln-scans
in repository https://gitbox.apache.org/repos/asf/solr-site.git


      at 322d09574 Warn about scans in security section.

This branch includes the following new commits:

     new 322d09574 Warn about scans in security section.

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[solr-site] 01/01: Warn about scans in security section.

Posted by ho...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

houston pushed a commit to branch vuln-scans
in repository https://gitbox.apache.org/repos/asf/solr-site.git

commit 322d09574fea4a3b55264d767aee6679a6fd6423
Author: Houston Putman <ho...@apache.org>
AuthorDate: Mon Oct 31 16:42:36 2022 -0400

    Warn about scans in security section.
    
    Hopefully less people will email the list with these issues.
---
 content/pages/security.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/content/pages/security.md b/content/pages/security.md
index 7ed73b1e5..0a8516d70 100644
--- a/content/pages/security.md
+++ b/content/pages/security.md
@@ -7,6 +7,9 @@ template: security
 If you believe you have discovered a vulnerability in Solr, you may first want to consult the [list of known false positives](https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity#SolrSecurity-SolrandVulnerabilityScanningTools) to make sure you are reporting a real vulnerability.
 Then please disclose responsibly by following [these ASF guidelines](https://www.apache.org/security/) for reporting.
 
+The Solr PMC will not accept the output of a vulnerability scan as a security report.
+Please do not email the security list with issues on Solr dependencies or outputs from vulnerability scanning tools.
+
 You may file your request by email to <ma...@solr.apache.org>.
 
 ## More information