Posted to dev@commons.apache.org by Benedikt Ritter <br...@apache.org> on 2014/09/09 21:24:08 UTC

Re: [fileupload][daemon][beanutils] Missing Security Info in Website

Hello Stefan,

This is a good idea. I think you've searched hard enough and the said
components simply don't have such a page (yet).

br,
Benedikt

2014-08-31 13:16 GMT+02:00 Stefan Bodewig <bo...@apache.org>:

> Hi all,
>
> I've put together a security page for Commons so people have a place to
> get information quickly; it is based on the recommendations by our
> security team[1] and the existing page of Compress[2].
>
>          http://commons.staging.apache.org/security.html
>
> This one is still in staging so we can fiddle around with it and has not
> been linked from the main nav yet.
>
> While looking for existing security information pages of components I
> searched the CVE database and found three issues related to FileUpload
> (CVE-2013-2186 / CVE-2013-0248 / CVE-2014-0050), one for Daemon
> (CVE-2011-2729) and one for BeanUtils (CVE-2011-2729).
>
> When searching through the site I don't find any hint on the CVEs on the
> Daemon or BeanUtils sites, maybe I've not been looking hard enough.
> FileUpload has two of the three CVEs in its changes report.
>
> I think the sites should be changed in order to provide information
> about the issues.
>
> Stefan


-- 
http://people.apache.org/~britter/
http://www.systemoutprintln.de/
http://twitter.com/BenediktRitter
http://github.com/britter