You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2013/03/28 22:31:24 UTC
svn commit: r1462314 - /struts/site/trunk/content/xdoc/security.xml
Author: lukaszlenart
Date: Thu Mar 28 21:31:24 2013
New Revision: 1462314
URL: http://svn.apache.org/r1462314
Log:
Changes link to JIRA
Modified:
struts/site/trunk/content/xdoc/security.xml
Modified: struts/site/trunk/content/xdoc/security.xml
URL: http://svn.apache.org/viewvc/struts/site/trunk/content/xdoc/security.xml?rev=1462314&r1=1462313&r2=1462314&view=diff
==============================================================================
--- struts/site/trunk/content/xdoc/security.xml (original)
+++ struts/site/trunk/content/xdoc/security.xml Thu Mar 28 21:31:24 2013
@@ -1,77 +1,77 @@
-<?xml version="1.0"?>
-<!--
-Copyright 1999-2005 The Apache Software Foundation
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<!--
-// ======================================================================== 78
--->
-<document>
-
- <properties>
- <title>Security Issues</title>
- </properties>
-
- <body>
-
- <section name="Reporting New Security Issues with Apache Struts">
-
- <p>
- The Apache Struts project takes a very active stance in
- eliminating security problems and denial of service attacks
- against applications using the Apache Struts framework.
- </p>
-
- <p><strong>
- We strongly encourage folks to report such security problems to our
- private security mailing list first, before disclosing them
- in a public forum.</strong>
- </p>
-
- <p>
- We cannot accept regular bug reports or other queries at
- this address, we ask that you use our
- <a href="http://issues.apache.org/jira/">issue tracker (JIRA)</a>
- for those. <span style="color:red;">All mail sent to this
- address that does not relate to security problems in the Apache
- Struts source code will be ignored.</span>
- </p>
-
- <p>
- Note that all networked servers are subject to denial of service
- attacks, and we cannot promise magic workarounds to generic problems
- (such as a client streaming lots of data to your server, or re-requesting
- the same URL repeatedly). In general our philosophy is to avoid any
- attacks which can cause the server to consume resources in a non-linear
- relationship to the size of inputs.
- </p>
-
- <p>
- The mailing address is:
- <code>security at struts (dot) apache (dot) org</code>
- </p>
-
- <p>
- <a href="http://httpd.apache.org/docs/trunk/misc/security_tips.html">
- General network server security tips</a>
- </p>
-
- <p>
- <a href="http://www.apache.org/security/">
- The Apache Security Team</a>
- </p>
-
- </section>
-
- </body>
-</document>
+<?xml version="1.0"?>
+<!--
+Copyright 1999-2005 The Apache Software Foundation
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!--
+// ======================================================================== 78
+-->
+<document>
+
+ <properties>
+ <title>Security Issues</title>
+ </properties>
+
+ <body>
+
+ <section name="Reporting New Security Issues with Apache Struts">
+
+ <p>
+ The Apache Struts project takes a very active stance in
+ eliminating security problems and denial of service attacks
+ against applications using the Apache Struts framework.
+ </p>
+
+ <p><strong>
+ We strongly encourage folks to report such security problems to our
+ private security mailing list first, before disclosing them
+ in a public forum.</strong>
+ </p>
+
+ <p>
+ We cannot accept regular bug reports or other queries at
+ this address, we ask that you use our
+ <a href="https://issues.apache.org/jira/browse/WW">issue tracker (JIRA)</a>
+ for those. <span style="color:red;">All mail sent to this
+ address that does not relate to security problems in the Apache
+ Struts source code will be ignored.</span>
+ </p>
+
+ <p>
+ Note that all networked servers are subject to denial of service
+ attacks, and we cannot promise magic workarounds to generic problems
+ (such as a client streaming lots of data to your server, or re-requesting
+ the same URL repeatedly). In general our philosophy is to avoid any
+ attacks which can cause the server to consume resources in a non-linear
+ relationship to the size of inputs.
+ </p>
+
+ <p>
+ The mailing address is:
+ <code>security at struts (dot) apache (dot) org</code>
+ </p>
+
+ <p>
+ <a href="http://httpd.apache.org/docs/trunk/misc/security_tips.html">
+ General network server security tips</a>
+ </p>
+
+ <p>
+ <a href="http://www.apache.org/security/">
+ The Apache Security Team</a>
+ </p>
+
+ </section>
+
+ </body>
+</document>