Posted to commits@struts.apache.org by hu...@apache.org on 2007/08/27 03:06:29 UTC
svn commit: r569942 - in /struts/site/src/site: fml/kickstart.fml site.xml
xdoc/index.xml xdoc/security.xml
Author: husted
Date: Sun Aug 26 18:06:29 2007
New Revision: 569942
URL: http://svn.apache.org/viewvc?rev=569942&view=rev
Log:
Add security page and ApacheCon plugs.
Added:
struts/site/src/site/xdoc/security.xml
Modified:
struts/site/src/site/fml/kickstart.fml
struts/site/src/site/site.xml
struts/site/src/site/xdoc/index.xml
Modified: struts/site/src/site/fml/kickstart.fml
URL: http://svn.apache.org/viewvc/struts/site/src/site/fml/kickstart.fml?rev=569942&r1=569941&r2=569942&view=diff
==============================================================================
--- struts/site/src/site/fml/kickstart.fml (original)
+++ struts/site/src/site/fml/kickstart.fml Sun Aug 26 18:06:29 2007
@@ -289,7 +289,7 @@
If you believe you've found a security vulnerability in Apache Struts, please contact our
security address - any emails not relating to security vulnerabilities will be ignored without
a reply (all security related information will be kept confidential unless otherwise indicated):
- [security (at) apache (dot) org].
+ [security (at) struts (dot) apache (dot) org].
</p>
</answer>
</faq>
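Review bot: The added line in this FAQ answer writes the address as "[security (at) struts (dot) apache (dot) org]", while the new security.xml in this same commit writes it as "security at struts (dot) apache (dot) org"; use one obfuscation form in both places so reporters see a single, unambiguous address. Since the commit also adds security.html, consider linking to it from this answer rather than maintaining the reporting instructions in two files.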
Modified: struts/site/src/site/site.xml
URL: http://svn.apache.org/viewvc/struts/site/src/site/site.xml?rev=569942&r1=569941&r2=569942&view=diff
==============================================================================
--- struts/site/src/site/site.xml (original)
+++ struts/site/src/site/site.xml Sun Aug 26 18:06:29 2007
@@ -77,6 +77,10 @@
name="Issue Tracker (JIRA)"
href="http://issues.apache.org/struts/"
/>
+ <item
+ name="Reporting Security Issues"
+ href="security.html"
+ />
</menu>
<menu name="Development">
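Review bot: The new item is placed after "Issue Tracker (JIRA)" in this menu. Since security.xml asks reporters to use the private list before any public forum, consider listing "Reporting Security Issues" ahead of the tracker link so it is seen before someone files a public issue.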
Modified: struts/site/src/site/xdoc/index.xml
URL: http://svn.apache.org/viewvc/struts/site/src/site/xdoc/index.xml?rev=569942&r1=569941&r2=569942&view=diff
==============================================================================
--- struts/site/src/site/xdoc/index.xml (original)
+++ struts/site/src/site/xdoc/index.xml Sun Aug 26 18:06:29 2007
@@ -32,14 +32,43 @@
</p>
</section>
+ <section name="ApacheCon US 2007 - Atlanta GA">
+ <a href="http://apachecon.com/"><img src="http://www.apache.org/ads/ApacheCon/2007-usa-125x125.png" alt="ApacheCon US 2007" hspace="16" align="right"/></a>
+ <p>
+ Three Struts presentations are scheduled for
+ <a href="http://www.us.apachecon.com/">ApacheCon US 2007</a>,
+ which is being held in Atlanta GA, November 12-16.
+ </p>
+
+ <ul>
+ <li><a href="http://us.apachecon.com/us2007/program/talk/1883">Migrating to Ajax</a> (Ted Husted), 12 Nov @10a (five-hour training course)</li>
+ <li><a href="http://us.apachecon.com/us2007/program/talk/1880">Using Groovy with Struts 2</a> (Mark Menard), 13 Nov @10a (five-hour training course)</li>
+ <li><a href="http://us.apachecon.com/us2007/program/talk/2058">Go Light with Apache Struts 2 and REST</a> (Don Brown), 15 Nov @5:30p (one-hour presentation)</li>
+ </ul>
+
+ <p>
+ Also of interest (among many others!):
+ </p>
+
+ <ul>
+ <li><a href="http://us.apachecon.com/us2007/program/talk/2023">Apache Roller and Blogs as a Web Development Platform</a> (Dave Johnson), 14 Nov @10:30a (one hour presentation)</li>
+ <li><a href="http://us.apachecon.com/us2007/program/talk/1903">Apache Harmony - Building Java SE in Open source</a> (Geir Magnusson Jr.), 14 Nov @4:30p (one hour presentation)</li>
+ <li><a href="http://us.apachecon.com/us2007/program/talk/1994">Comparing Java Web Frameworks</a> (Matt Raible), 15 Nov @9a (one hour presentation)</li>
+ </ul>
+
+ <p>
+ Hope to see you there!
+ </p>
+
+ </section>
+
<a name="Threads"/>
<section name="Recent Threads">
- <a href="http://apachecon.com/"><img src="http://www.apache.org/ads/ApacheCon/2007-usa-125x125.png" alt="ApacheCon US 2007" hspace="16" align="right"/></a>
<p>
What do people who use Apache Struts have to say about using it?
Browse the
- <a href="http://www.nabble.com/Struts---User-f206.html">
- user mailing list,</a>
+ <strong><a href="http://www.nabble.com/Struts---User-f206.html">
+ user mailing list,</a></strong>
and see for yourself.
</p>
<ul>
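Review bot: The two talk lists are inconsistent: the first uses "five-hour" and "one-hour" (hyphenated), the second uses "one hour presentation", and the section links to both www.us.apachecon.com and us.apachecon.com. Pick one form of each. This section is also dated conference content unrelated to the security page, so committing it separately would make it easier to remove after the event without touching the security changes.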
Added: struts/site/src/site/xdoc/security.xml
URL: http://svn.apache.org/viewvc/struts/site/src/site/xdoc/security.xml?rev=569942&view=auto
==============================================================================
--- struts/site/src/site/xdoc/security.xml (added)
+++ struts/site/src/site/xdoc/security.xml Sun Aug 26 18:06:29 2007
@@ -0,0 +1,72 @@
+<?xml version="1.0"?>
+<!--
+Copyright 1999-2005 The Apache Software Foundation
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!--
+// ======================================================================== 78
+-->
+<document>
+
+ <properties>
+ <title>Security Issues</title>
+ </properties>
+
+ <body>
+
+ <section name="Reporting New Security Issues with Apache Struts">
+
+ <p>
+ The Apache Struts project takes a very active stance in
+ eliminating security problems and denial of service attacks
+ against applications using the Apache Struts framework.
+ </p>
+
+ <p>
+ We strongly encourage folks to report such problems to our
+ private security mailing list first, before disclosing them
+ in a public forum.
+ </p>
+
+ <p>
+ <strong>We cannot accept regular bug reports or other queries at
+ this address, we ask that you use our
+ <a href="http://issues.apache.org/struts/">issue tracker (JIRA)</a>
+ for those. <font color="red">All mail sent to this
+ address that does not relate to security problems in the Apache
+ Struts source code will be ignored.</font></strong>
+ </p>
+
+ <p>
+ Note that all networked servers are subject to denial of service
+ attacks, and we cannot promise magic workarounds to generic problems
+ (such as a client streaming lots of data to your server, or re-requesting
+ the same URL repeatedly). In general our philosophy is to avoid any
+ attacks which can cause the server to consume resources in a non-linear
+ relationship to the size of inputs.
+ </p>
+
+ <p>
+ The mailing address is:
+ <code>security at struts (dot) apache (dot) org</code>
+ </p>
+
+ <p>
+ <a href="http://httpd.apache.org/docs/trunk/misc/security_tips.html">
+ General network server security tips</a>
+ </p>
+
+ </section>
+
+ </body>
+</document>
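Review bot: The third paragraph refers to "this address" before any address has been given; the address only appears in the fifth paragraph ("The mailing address is:"). Move that paragraph up to follow the request to report privately, so the restriction on what the address accepts has a referent. Two smaller points: the header reads "Copyright 1999-2005" on a file added in 2007, and "our philosophy is to avoid any attacks which can cause the server to consume resources" reads as if the project itself avoids attacks; consider rewording to say what the framework is designed to prevent.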