Posted to issues@solr.apache.org by GitBox <gi...@apache.org> on 2022/12/14 23:27:57 UTC

[GitHub] [solr-site] janhoy commented on a diff in pull request #86: First draft presenting dependency vulnerability info

janhoy commented on code in PR #86:
URL: https://github.com/apache/solr-site/pull/86#discussion_r1049069644


##########
content/pages/security.md:
##########
@@ -10,17 +10,42 @@ Every CVE that is detected by a software scanner is by definition already public
 
 To find a path forward in addressing a detected CVE we suggest the following process for fastest results:
 
-1. Check further down this page to see if the CVE is listed as exploitable in Solr.
-2. Check the [officially published non-exploitable vulnerabilities](https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity#SolrSecurity-SolrandVulnerabilityScanningTools) list to see if the CVE is listed as not exploitable in Solr.
+1. Check [further down this page](#recent-cve-reports-for-apache-solr) to see if the CVE is listed as exploitable in Solr.
+2. Check the [officially published non-exploitable vulnerabilities](#cve-reports-for-apache-solr-dependencies) list to see if the CVE is listed as not exploitable in Solr.
 3. Search through the [Solr users mailing list archive](https://lists.apache.org/list.html?users@solr.apache.org)  to see if anyone else has brought up this dependency CVE.
 4. If no one has, then please do [subscribe to the users mailing list](https://solr.apache.org/community.html#mailing-lists-chat) and then send an email asking about the CVE.
 
+#### VEX
+Since the process of checking whether CVEs in dependencies of Solr affect your
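
Review bot: In steps 1 and 2, the new in-page links `#recent-cve-reports-for-apache-solr` and `#cve-reports-for-apache-solr-dependencies` only resolve if headings with exactly matching generated slugs exist further down the page, and those headings are not visible in this hunk; please confirm they exist or add explicit anchors so a later heading rename does not silently break the triage steps. The link text in step 2 still reads "officially published non-exploitable vulnerabilities" while the target is now a section about dependency CVE reports, so consider rewording it to match the section title. On the added `#### VEX` heading, spell the acronym out on first use (Vulnerability Exploitability eXchange) and leave a blank line between the heading and the paragraph that follows, as is done around the numbered list above.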

Review Comment:
   I'd prefer if the "VEX" chapter was pushed to the bottom of the page, next to the new table; it takes up much real estate and I think we should be more to the point. As it is now, we continue to grow the "intro" part of the security page so users have to read tons of text before they get to the "meat".


