struts-commits mailing list archives

From lukaszlen...@apache.org
Subject svn commit: r1601081 - in /struts/site/trunk: content/index.html content/submitting-patches.html source/index.html source/submitting-patches.md
Date Sat, 07 Jun 2014 09:40:12 GMT
Author: lukaszlenart
Date: Sat Jun  7 09:40:12 2014
New Revision: 1601081

URL: http://svn.apache.org/r1601081
Log:
Adds info and note about Google's patch reward program

Modified:
    struts/site/trunk/content/index.html
    struts/site/trunk/content/submitting-patches.html
    struts/site/trunk/source/index.html
    struts/site/trunk/source/submitting-patches.md

Modified: struts/site/trunk/content/index.html
URL: http://svn.apache.org/viewvc/struts/site/trunk/content/index.html?rev=1601081&r1=1601080&r2=1601081&view=diff
==============================================================================
--- struts/site/trunk/content/index.html (original)
+++ struts/site/trunk/content/index.html Sat Jun  7 09:40:12 2014
@@ -129,9 +129,10 @@
       <a href="http://struts.apache.org/release/2.3.x/docs/version-notes-23163.html">Version
notes</a>
     </div>
     <div class="col-md-4">
-      <h2>Struts up to 2.3.16.1: Zero-Day Exploit Mitigation!</h2>
-      <p>In Struts 2.3.16.1, an issue with ClassLoader manipulation via request parameters
was supposed to be resolved. Unfortunately,
-        the correction wasn't sufficient, <a href="announce.html#a20140424">read more</a>
+      <h2>Google's Patch Rewards program</h2>
+      <p>During <a href="http://www.meetup.com/sfhtml5/">SFHTML5</a> Google
announced that they extend their program
+        to cover the Apache Struts project as well. Now you can earn some many preparing
patches for us!
+        <a href="submitting-patches.html#patch-reward">read more</a>
       </p>
     </div>
     <div class="col-md-4">
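Review bot: the removed `<h2>Struts up to 2.3.16.1: Zero-Day Exploit Mitigation!</h2>` block was this column's pointer to announce.html#a20140424, and swapping it for the rewards teaser leaves no link to that mitigation in the visible part of index.html. Suggest adding the rewards teaser as its own column, or moving the advisory teaser to a neighbouring `col-md-4`, rather than replacing it while users of 2.3.16.1 still need the notice. In the added paragraph, "earn some many" should read "earn some money", and "announced that they extend" reads better as "announced that they are extending".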

Modified: struts/site/trunk/content/submitting-patches.html
URL: http://svn.apache.org/viewvc/struts/site/trunk/content/submitting-patches.html?rev=1601081&r1=1601080&r2=1601081&view=diff
==============================================================================
--- struts/site/trunk/content/submitting-patches.html (original)
+++ struts/site/trunk/content/submitting-patches.html Sat Jun  7 09:40:12 2014
@@ -182,6 +182,34 @@ your fork and branch to compare the diff
 <li><a href="http://wiki.apache.org/general/GitAtApache">Git at Apache</a></li>
 </ul>
 
+<h1><span id="patch-reward">Google&#39;s Patch Reward program</h1>
+
+<p>During <a href="http://www.meetup.com/sfhtml5/">SFHTML5</a> Google announced
that they adding the Apache Struts project to
+<a href="https://www.google.com/about/appsecurity/patch-rewards/">the Google&#39;s
Security Patch Reward Program</a>.</p>
+
+<p>What does it mean?</p>
+
+<p>If you prepared a patch that eliminates a security vulnerability or improves existing
security mechanism
+you can get a bounty :-) You will find more details on
+<a href="http://googleonlinesecurity.blogspot.com/2013/10/going-beyond-vulnerability-rewards.html">the
Google&#39;s blog</a>
+ or under the link above, just to give you a quick guideline how does it work:</p>
+
+<ul>
+<li>prepare a patch and submit it to our <a href="https://issues.apache.org/jira/browse/WW">JIRA</a>,
+it can be a Pull Request on GitHub as well, but must reference the JIRA ticket.</li>
+<li>let us know that you did something great, post a message to <a href="dev-mail.html">Struts
Dev mailing list</a></li>
+<li>we will review the patch and if it&#39;s a real great thing then we will merge
it into our code base</li>
+<li>just wait on official release of the Apache Struts and now you can request the
reward from Google :-)</li>
+</ul>
+
+<p><strong>NOTE</strong></p>
+
+<p>If you are concerned that your patch can disclose a security vulnerability, instead
of submitting it as a ticket,
+send it directly to the <a href="mailto:security@struts.apache.org">Struts Security
team</a>. This will give us the possibility
+to prepare a new release with your patch in secret.</p>
+
+<p>Have fun and code!</p>
+
   </section>
 </article>
 
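Review bot: the added heading `<h1><span id="patch-reward">Google&#39;s Patch Reward program</h1>` opens a `<span>` that is never closed before `</h1>`, so the `#patch-reward` target that index.html links to sits in malformed markup. Close the span before `</h1>` or put the `id` on the `<h1>` itself. In the first added paragraph, "announced that they adding" is missing "are".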

Modified: struts/site/trunk/source/index.html
URL: http://svn.apache.org/viewvc/struts/site/trunk/source/index.html?rev=1601081&r1=1601080&r2=1601081&view=diff
==============================================================================
--- struts/site/trunk/source/index.html (original)
+++ struts/site/trunk/source/index.html Sat Jun  7 09:40:12 2014
@@ -26,9 +26,10 @@ title: Welcome to the Apache Struts proj
       <a href="http://struts.apache.org/release/2.3.x/docs/version-notes-{{ site.current_version_short
}}.html">Version notes</a>
     </div>
     <div class="col-md-4">
-      <h2>Struts up to 2.3.16.1: Zero-Day Exploit Mitigation!</h2>
-      <p>In Struts 2.3.16.1, an issue with ClassLoader manipulation via request parameters
was supposed to be resolved. Unfortunately,
-        the correction wasn't sufficient, <a href="announce.html#a20140424">read more</a>
+      <h2>Google's Patch Rewards program</h2>
+      <p>During <a href="http://www.meetup.com/sfhtml5/">SFHTML5</a> Google
announced that they extend their program
+        to cover the Apache Struts project as well. Now you can earn some many preparing
patches for us!
+        <a href="submitting-patches.html#patch-reward">read more</a>
       </p>
     </div>
     <div class="col-md-4">
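Review bot: "earn some many preparing patches" in the added `<p>` is a typo for "earn some money preparing patches". This file carries the `{{ site.current_version_short }}` placeholder where content/index.html has the rendered value, so it looks like the template for that page; correcting the wording here and in content/index.html in the same commit keeps the two copies in step.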

Modified: struts/site/trunk/source/submitting-patches.md
URL: http://svn.apache.org/viewvc/struts/site/trunk/source/submitting-patches.md?rev=1601081&r1=1601080&r2=1601081&view=diff
==============================================================================
--- struts/site/trunk/source/submitting-patches.md (original)
+++ struts/site/trunk/source/submitting-patches.md Sat Jun  7 09:40:12 2014
@@ -77,3 +77,29 @@ Finally hit `Create Pull Request` button
 ## Further reading
 
  * [Git at Apache](http://wiki.apache.org/general/GitAtApache)
+
+# <span id="patch-reward">Google's Patch Reward program
+
+During [SFHTML5](http://www.meetup.com/sfhtml5/) Google announced that they adding the Apache
Struts project to
+[the Google's Security Patch Reward Program](https://www.google.com/about/appsecurity/patch-rewards/).
+
+What does it mean?
+
+If you prepared a patch that eliminates a security vulnerability or improves existing security
mechanism
+you can get a bounty :-) You will find more details on
+[the Google's blog](http://googleonlinesecurity.blogspot.com/2013/10/going-beyond-vulnerability-rewards.html)
+ or under the link above, just to give you a quick guideline how does it work:
+
+- prepare a patch and submit it to our [JIRA](https://issues.apache.org/jira/browse/WW),
+  it can be a Pull Request on GitHub as well, but must reference the JIRA ticket.
+- let us know that you did something great, post a message to [Struts Dev mailing list](dev-mail.html)
+- we will review the patch and if it's a real great thing then we will merge it into our
code base
+- just wait on official release of the Apache Struts and now you can request the reward from
Google :-)
+
+**NOTE**
+
+If you are concerned that your patch can disclose a security vulnerability, instead of submitting
it as a ticket,
+send it directly to the [Struts Security team](mailto:security@struts.apache.org). This will
give us the possibility
+to prepare a new release with your patch in secret.
+
+Have fun and code!
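Review bot: the **NOTE** about sending vulnerability-disclosing patches to security@struts.apache.org comes after the list whose first two items tell the contributor to submit the patch to JIRA (or a GitHub Pull Request) and post to the Struts Dev mailing list, so someone following the steps in order can publish an unreleased fix before reaching the note. Suggest moving the note above the list, or folding it into the first bullet as the route to use when the patch reveals a vulnerability. The heading `# <span id="patch-reward">Google's Patch Reward program` also leaves the `<span>` unclosed, the same defect as in content/submitting-patches.html.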


