freemarker-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ddek...@apache.org
Subject incubator-freemarker-site git commit: Added section about handling security vulnerabilities to the Comitter how-to.
Date Mon, 23 Jan 2017 14:28:39 GMT
Repository: incubator-freemarker-site
Updated Branches:
  refs/heads/master baf4f16ae -> 64c0ac3ba


Added section about handling security vulnerabilities to the Comitter how-to.


Project: http://git-wip-us.apache.org/repos/asf/incubator-freemarker-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-freemarker-site/commit/64c0ac3b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-freemarker-site/tree/64c0ac3b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-freemarker-site/diff/64c0ac3b

Branch: refs/heads/master
Commit: 64c0ac3ba51175bde5cff55b8e51d6cc67390ba3
Parents: baf4f16
Author: ddekany <ddekany@apache.org>
Authored: Mon Jan 23 15:28:34 2017 +0100
Committer: ddekany <ddekany@apache.org>
Committed: Mon Jan 23 15:28:34 2017 +0100

----------------------------------------------------------------------
 src/main/docgen/book.xml | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-freemarker-site/blob/64c0ac3b/src/main/docgen/book.xml
----------------------------------------------------------------------
diff --git a/src/main/docgen/book.xml b/src/main/docgen/book.xml
index eb73e8c..8453053 100644
--- a/src/main/docgen/book.xml
+++ b/src/main/docgen/book.xml
@@ -538,7 +538,7 @@ two freemarker.jar-s and unpredictable behavior!
     </section>
 
     <section xml:id="report-security-vulnerabilities">
-      <title>Report security vulnerabilities</title>
+      <title>Report security vulnerability</title>
 
       <para>We strongly encourage to report security vulnerabilities to our
       private mailing list first, rather than disclosing them in a public
@@ -553,6 +553,10 @@ two freemarker.jar-s and unpredictable behavior!
       <para>If you want to report a bug that isn't an undisclosed security
       vulnerability, please use <olink targetdoc="newBugReport">our regular
       bug tracker</olink>.</para>
+
+      <para>Committers should <link
+      linkend="handle-security-vulnerabilities">see here</link> how to handle
+      reported security vulnerabilities.</para>
     </section>
 
     <section>
@@ -1877,6 +1881,24 @@ two freemarker.jar-s and unpredictable behavior!
         the <literal>freemarker</literal> repository. About the same guide
         lines apply to the site DocBook as well.</para>
       </section>
+
+      <section xml:id="handle-security-vulnerabilities">
+        <title>Dealing with security vulnerabilities</title>
+
+        <para>If someone reports a security vulnerability, normally he
+        shouldn't do it on a public forum (<link
+        linkend="report-security-vulnerabilities">see how to report it
+        here</link>), and similarly we shouldn't discuss it on a public forum
+        (such as on the developer mailing list), but on the private mailing
+        list of the project. Thus the vulnerability can be fixed and released
+        before it's openly discussed. As a developer, you must not forget that
+        commits are also publicly visible. How to commit, release, and
+        communicate a concrete vulnerability should be discussed on the
+        private mailing lists of the project before doing publicly visible
+        moves. See <link
+        xlink:href="https://www.apache.org/security/committers.html">this
+        page</link> for further guidelines.</para>
+      </section>
     </section>
   </chapter>
 


Mime
View raw message