You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@solr.apache.org by ho...@apache.org on 2022/10/31 20:42:41 UTC

[solr-site] 01/01: Warn about scans in security section.

This is an automated email from the ASF dual-hosted git repository.

houston pushed a commit to branch vuln-scans
in repository https://gitbox.apache.org/repos/asf/solr-site.git

commit 322d09574fea4a3b55264d767aee6679a6fd6423
Author: Houston Putman <ho...@apache.org>
AuthorDate: Mon Oct 31 16:42:36 2022 -0400

    Warn about scans in security section.
    
    Hopefully less people will email the list with these issues.
---
 content/pages/security.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/content/pages/security.md b/content/pages/security.md
index 7ed73b1e5..0a8516d70 100644
--- a/content/pages/security.md
+++ b/content/pages/security.md
@@ -7,6 +7,9 @@ template: security
 If you believe you have discovered a vulnerability in Solr, you may first want to consult the [list of known false positives](https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity#SolrSecurity-SolrandVulnerabilityScanningTools) to make sure you are reporting a real vulnerability.
 Then please disclose responsibly by following [these ASF guidelines](https://www.apache.org/security/) for reporting.
 
+The Solr PMC will not accept the output of a vulnerability scan as a security report.
+Please do not email the security list with issues on Solr dependencies or outputs from vulnerability scanning tools.
+
 You may file your request by email to <ma...@solr.apache.org>.
 
 ## More information