Posted to commits@struts.apache.org by hu...@apache.org on 2007/08/27 03:06:29 UTC

svn commit: r569942 - in /struts/site/src/site: fml/kickstart.fml site.xml xdoc/index.xml xdoc/security.xml

Author: husted
Date: Sun Aug 26 18:06:29 2007
New Revision: 569942

URL: http://svn.apache.org/viewvc?rev=569942&view=rev
Log:
Add security page and ApacheCon plugs. 

Added:
    struts/site/src/site/xdoc/security.xml
Modified:
    struts/site/src/site/fml/kickstart.fml
    struts/site/src/site/site.xml
    struts/site/src/site/xdoc/index.xml

Modified: struts/site/src/site/fml/kickstart.fml
URL: http://svn.apache.org/viewvc/struts/site/src/site/fml/kickstart.fml?rev=569942&r1=569941&r2=569942&view=diff
==============================================================================
--- struts/site/src/site/fml/kickstart.fml (original)
+++ struts/site/src/site/fml/kickstart.fml Sun Aug 26 18:06:29 2007
@@ -289,7 +289,7 @@
                   If you believe you've found a security vulnerability in Apache Struts, please contact our 
                   security address - any emails not relating to security vulnerabilities will be ignored without
                   a reply (all security related information will be kept confidential unless otherwise indicated): 
-                  [security (at) apache (dot) org].
+                  [security (at) struts (dot) apache (dot) org].
                 </p>
             </answer>
         </faq>
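
Review bot: The new address on the `+` line is obfuscated as "security (at) struts (dot) apache (dot) org", but the security.xml page added in this same commit writes it as "security at struts (dot) apache (dot) org", without parentheses around "at". Pick one form for both places so that a reporter comparing the FAQ with the security page does not wonder whether they are two different addresses. Since this answer now has a dedicated page to point to, a link to security.html here would also keep the reporting instructions in one place instead of two copies that can drift.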

Modified: struts/site/src/site/site.xml
URL: http://svn.apache.org/viewvc/struts/site/src/site/site.xml?rev=569942&r1=569941&r2=569942&view=diff
==============================================================================
--- struts/site/src/site/site.xml (original)
+++ struts/site/src/site/site.xml Sun Aug 26 18:06:29 2007
@@ -77,6 +77,10 @@
                     name="Issue Tracker (JIRA)"
                     href="http://issues.apache.org/struts/"
                     />
+            <item
+                    name="Reporting Security Issues"
+                    href="security.html"
+                    />
         </menu>
 
         <menu name="Development">
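
Review bot: The menu label "Reporting Security Issues" on the added `<item>` does not match the target page, whose `<title>` is "Security Issues" and whose section is named "Reporting New Security Issues with Apache Struts". Aligning the three makes the page easier to find from the navigation and from search results.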

Modified: struts/site/src/site/xdoc/index.xml
URL: http://svn.apache.org/viewvc/struts/site/src/site/xdoc/index.xml?rev=569942&r1=569941&r2=569942&view=diff
==============================================================================
--- struts/site/src/site/xdoc/index.xml (original)
+++ struts/site/src/site/xdoc/index.xml Sun Aug 26 18:06:29 2007
@@ -32,14 +32,43 @@
             </p>
          </section>
 
+         <section name="ApacheCon US 2007 - Atlanta GA">
+         <a href="http://apachecon.com/"><img src="http://www.apache.org/ads/ApacheCon/2007-usa-125x125.png" alt="ApacheCon US 2007" hspace="16" align="right"/></a>
+            <p>
+              Three Struts presentations are scheduled for
+              <a href="http://www.us.apachecon.com/">ApacheCon US 2007</a>,
+              which is being held in Atlanta GA, November 12-16.
+            </p>
+
+            <ul>
+              <li><a href="http://us.apachecon.com/us2007/program/talk/1883">Migrating to Ajax</a> (Ted Husted), 12 Nov @10a (five-hour training course)</li>
+              <li><a href="http://us.apachecon.com/us2007/program/talk/1880">Using Groovy with Struts 2</a> (Mark Menard), 13 Nov @10a (five-hour training course)</li>
+              <li><a href="http://us.apachecon.com/us2007/program/talk/2058">Go Light with Apache Struts 2 and REST</a> (Don Brown), 15 Nov @5:30p (one-hour presentation)</li>
+            </ul>
+
+            <p>
+              Also of interest (among many others!):
+            </p>
+
+            <ul>
+              <li><a href="http://us.apachecon.com/us2007/program/talk/2023">Apache Roller and Blogs as a Web Development Platform</a> (Dave Johnson), 14 Nov @10:30a (one hour presentation)</li>
+              <li><a href="http://us.apachecon.com/us2007/program/talk/1903">Apache Harmony - Building Java SE in Open source</a> (Geir Magnusson Jr.), 14 Nov @4:30p (one hour presentation)</li>
+              <li><a href="http://us.apachecon.com/us2007/program/talk/1994">Comparing Java Web Frameworks</a> (Matt Raible), 15 Nov @9a (one hour presentation)</li>
+            </ul>
+
+            <p>
+              Hope to see you there!
+            </p>
+
+         </section>
+
         <a name="Threads"/>
         <section name="Recent Threads">
-        <a href="http://apachecon.com/"><img src="http://www.apache.org/ads/ApacheCon/2007-usa-125x125.png" alt="ApacheCon US 2007" hspace="16" align="right"/></a>
           <p>
               What do people who use Apache Struts have to say about using it?
               Browse the
-                <a href="http://www.nabble.com/Struts---User-f206.html">
-                  user mailing list,</a>
+                <strong><a href="http://www.nabble.com/Struts---User-f206.html">
+                  user mailing list,</a></strong>
               and see for yourself.
           </p>
           <ul>
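
Review bot: This hunk is conference promotion and is unrelated to the security contact change in the rest of the commit; committing it separately would let the security page be reviewed, reverted or backported on its own. Within the added lists, the first list writes "five-hour training course" and "one-hour presentation" while the second writes "one hour presentation", and the links mix `http://apachecon.com/`, `http://www.us.apachecon.com/` and `http://us.apachecon.com/`; one spelling and one host would be cleaner. The moved `<img>` still carries the presentational `hspace` and `align` attributes.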

Added: struts/site/src/site/xdoc/security.xml
URL: http://svn.apache.org/viewvc/struts/site/src/site/xdoc/security.xml?rev=569942&view=auto
==============================================================================
--- struts/site/src/site/xdoc/security.xml (added)
+++ struts/site/src/site/xdoc/security.xml Sun Aug 26 18:06:29 2007
@@ -0,0 +1,72 @@
+<?xml version="1.0"?>
+<!--
+Copyright 1999-2005 The Apache Software Foundation
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!--
+// ======================================================================== 78
+-->
+<document>
+
+    <properties>
+        <title>Security Issues</title>
+    </properties>
+
+    <body>
+
+        <section name="Reporting New Security Issues with Apache Struts">
+
+            <p>
+              The Apache Struts project takes a very active stance in
+              eliminating security problems and denial of service attacks
+              against applications using the Apache Struts framework.
+            </p>
+
+            <p>
+              We strongly encourage folks to report such problems to our
+              private security mailing list first, before disclosing them
+              in a public forum.
+            </p>
+
+            <p>
+              <strong>We cannot accept regular bug reports or other queries at
+              this address, we ask that you use our
+              <a href="http://issues.apache.org/struts/">issue tracker (JIRA)</a>
+              for those. <font color="red">All mail sent to this
+              address that does not relate to security problems in the Apache
+              Struts source code will be ignored.</font></strong>
+            </p>
+
+            <p>
+              Note that all networked servers are subject to denial of service
+              attacks, and we cannot promise magic workarounds to generic problems
+              (such as a client streaming lots of data to your server, or re-requesting
+              the same URL repeatedly). In general our philosophy is to avoid any
+              attacks which can cause the server to consume resources in a non-linear
+              relationship to the size of inputs.
+            </p>
+
+            <p>
+              The mailing address is:
+              <code>security at struts (dot) apache (dot) org</code>
+            </p>
+
+            <p>
+              <a href="http://httpd.apache.org/docs/trunk/misc/security_tips.html">
+              General network server security tips</a>
+            </p>
+
+        </section>
+
+    </body>
+</document>
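
Review bot: The closing link "General network server security tips" points at `httpd.apache.org/docs/trunk/misc/security_tips.html`, which is configuration advice for the httpd server on a moving `trunk` path, not guidance for applications built on Struts; either link a versioned httpd URL and label it as httpd-specific, or drop it. Other points in the same file: the licence header reads "Copyright 1999-2005" on a file added in 2007; the sentence "our philosophy is to avoid any attacks which can cause the server to consume resources in a non-linear relationship to the size of inputs" would read more clearly as a statement about what the project treats as a vulnerability versus a generic denial of service; and the page asks for private reports but does not say what a report should contain or what acknowledgement the reporter can expect. The `<font color="red">` markup is presentational and could be replaced by the existing `<strong>`.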