httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From l...@apache.org
Subject svn commit: r737535 - in /httpd/site/trunk: docs/security_report.html xdocs/security_report.xml
Date Sun, 25 Jan 2009 16:34:50 GMT
Author: lars
Date: Sun Jan 25 16:34:50 2009
New Revision: 737535

URL: http://svn.apache.org/viewvc?rev=737535&view=rev
Log:
Update HTTPd security page to point to central /security/ page.

Modified:
    httpd/site/trunk/docs/security_report.html
    httpd/site/trunk/xdocs/security_report.xml

Modified: httpd/site/trunk/docs/security_report.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/docs/security_report.html?rev=737535&r1=737534&r2=737535&view=diff
==============================================================================
--- httpd/site/trunk/docs/security_report.html (original)
+++ httpd/site/trunk/docs/security_report.html Sun Jan 25 16:34:50 2009
@@ -84,7 +84,7 @@
 Security Vulnerabilities</a></li>
 </ul>
 <p>To get notification of when new security issues are fixed, join
-the <a href="http://httpd.apache.org/lists.html#http-announce">Apache Server Announcements
list</a></p>
+the <a href="http://httpd.apache.org/lists.html#http-announce">Apache HTTP Server Announcements
list</a></p>
   </blockquote>
  </td></tr>
 </table>
@@ -92,25 +92,26 @@
  <tr>
  <td bgcolor="#525D76">
   <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="reporting"><strong>Reporting New Security Problems with Apache</strong></a>
+   <a name="reporting"><strong>Reporting New Security Problems with the Apache
HTTP Server</strong></a>
   </font>
  </td>
  </tr>
  <tr><td>
   <blockquote>
 <p>The Apache Software Foundation takes a very active stance in eliminating 
-security problems and denial of service attacks against the Apache web 
+security problems and denial of service attacks against the Apache HTTP 
 server.</p>
-<p>We strongly encourage folks to report such problems to our private
-security mailing list first, before disclosing them in a public forum.</p>
-<p><strong>We cannot accept regular bug reports or other queries at
-this address, we ask that you use our <a href="/bug_report.html">bug
-reporting page</a> for those.  <font color="red">All mail sent to this
-address that does not relate to security problems in the Apache source
-code will be ignored.</font></strong></p>
-<p>The mailing address is:
-<code>security@apache.org</code>
+<p>We strongly encourage folks to report such problems to the private
+security mailing list of the ASF Security Team, before disclosing them
+in a public forum.</p>
+<p>Please see the page of the <a href="http://www.apache.org/security/">ASF
+Security Team</a> for further information and contact information.
 </p>
+<p><strong>The Security Team cannot accept regular bug reports or other
+queries, we ask that you use our <a href="/bug_report.html">bug
+reporting page</a> for those.  <font color="red">All mail sent to the
+Security Team that does not relate to security problems in Apache software
+will be ignored.</font></strong></p>
 <p>Note that all networked servers are subject to denial of service
 attacks, and we cannot promise magic workarounds to generic problems
 (such as a client streaming lots of data to your server, or re-requesting
@@ -133,7 +134,8 @@
  <tr><td>
   <blockquote>
 <p>Apache HTTP Server vulnerabilities are labelled with
-CVE (Common Vulnerabilities and Exposures) identifiers.</p>
+<a href="http://cve.mitre.org">CVE</a>
+(Common Vulnerabilities and Exposures) identifiers.</p>
 <p>Experimental
 <a href="/security/vulnerabilities-oval.xml">OVAL definitions</a>
 are available for Apache HTTP Server vulnerabilities</p>

Modified: httpd/site/trunk/xdocs/security_report.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security_report.xml?rev=737535&r1=737534&r2=737535&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security_report.xml (original)
+++ httpd/site/trunk/xdocs/security_report.xml Sun Jan 25 16:34:50 2009
@@ -20,29 +20,30 @@
 </ul>
 
 <p>To get notification of when new security issues are fixed, join
-the <a href="http://httpd.apache.org/lists.html#http-announce">Apache Server Announcements
list</a></p>
+the <a href="http://httpd.apache.org/lists.html#http-announce">Apache HTTP Server Announcements
list</a></p>
 
 </section>
 
 <section id="reporting">
-<title>Reporting New Security Problems with Apache</title>
+<title>Reporting New Security Problems with the Apache HTTP Server</title>
 <p>The Apache Software Foundation takes a very active stance in eliminating 
-security problems and denial of service attacks against the Apache web 
+security problems and denial of service attacks against the Apache HTTP 
 server.</p>
 
-<p>We strongly encourage folks to report such problems to our private
-security mailing list first, before disclosing them in a public forum.</p>
+<p>We strongly encourage folks to report such problems to the private
+security mailing list of the ASF Security Team, before disclosing them
+in a public forum.</p>
 
-<p><strong>We cannot accept regular bug reports or other queries at
-this address, we ask that you use our <a href="/bug_report.html">bug
-reporting page</a> for those.  <font color="red">All mail sent to this
-address that does not relate to security problems in the Apache source
-code will be ignored.</font></strong></p>
-
-<p>The mailing address is:
-<code>security@apache.org</code>
+<p>Please see the page of the <a href="http://www.apache.org/security/">ASF
+Security Team</a> for further information and contact information.
 </p>
 
+<p><strong>The Security Team cannot accept regular bug reports or other
+queries, we ask that you use our <a href="/bug_report.html">bug
+reporting page</a> for those.  <font color="red">All mail sent to the
+Security Team that does not relate to security problems in Apache software
+will be ignored.</font></strong></p>
+
 <p>Note that all networked servers are subject to denial of service
 attacks, and we cannot promise magic workarounds to generic problems
 (such as a client streaming lots of data to your server, or re-requesting
@@ -60,7 +61,8 @@
 <title>Security Standards</title>
 
 <p>Apache HTTP Server vulnerabilities are labelled with
-CVE (Common Vulnerabilities and Exposures) identifiers.</p>
+<a href="http://cve.mitre.org">CVE</a>
+(Common Vulnerabilities and Exposures) identifiers.</p>
 
 <p>Experimental
 <a href="/security/vulnerabilities-oval.xml">OVAL definitions</a>



Mime
View raw message