struts-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r911689 - in /websites/production/struts/content: index.html submitting-patches.html
Date Sat, 07 Jun 2014 09:41:03 GMT
Author: lukaszlenart
Date: Sat Jun  7 09:41:03 2014
New Revision: 911689

Updates production


Modified: websites/production/struts/content/index.html
--- websites/production/struts/content/index.html (original)
+++ websites/production/struts/content/index.html Sat Jun  7 09:41:03 2014
@@ -129,9 +129,10 @@
       <a href="">Version
     <div class="col-md-4">
-      <h2>Struts up to Zero-Day Exploit Mitigation!</h2>
-      <p>In Struts, an issue with ClassLoader manipulation via request parameters
was supposed to be resolved. Unfortunately,
-        the correction wasn't sufficient, <a href="announce.html#a20140424">read more</a>
+      <h2>Google's Patch Rewards program</h2>
+      <p>During <a href="">SFHTML5</a> Google
announced that they extend their program
+        to cover the Apache Struts project as well. Now you can earn some many preparing
patches for us!
+        <a href="submitting-patches.html#patch-reward">read more</a>
     <div class="col-md-4">

Modified: websites/production/struts/content/submitting-patches.html
--- websites/production/struts/content/submitting-patches.html (original)
+++ websites/production/struts/content/submitting-patches.html Sat Jun  7 09:41:03 2014
@@ -182,6 +182,34 @@ your fork and branch to compare the diff
 <li><a href="">Git at Apache</a></li>
+<h1><span id="patch-reward">Google&#39;s Patch Reward program</h1>
+<p>During <a href="">SFHTML5</a> Google announced
that they adding the Apache Struts project to
+<a href="">the Google&#39;s
Security Patch Reward Program</a>.</p>
+<p>What does it mean?</p>
+<p>If you prepared a patch that eliminates a security vulnerability or improves existing
security mechanism
+you can get a bounty :-) You will find more details on
+<a href="">the
Google&#39;s blog</a>
+ or under the link above, just to give you a quick guideline how does it work:</p>
+<li>prepare a patch and submit it to our <a href="">JIRA</a>,
+it can be a Pull Request on GitHub as well, but must reference the JIRA ticket.</li>
+<li>let us know that you did something great, post a message to <a href="dev-mail.html">Struts
Dev mailing list</a></li>
+<li>we will review the patch and if it&#39;s a real great thing then we will merge
it into our code base</li>
+<li>just wait on official release of the Apache Struts and now you can request the
reward from Google :-)</li>
+<p>If you are concerned that your patch can disclose a security vulnerability, instead
of submitting it as a ticket,
+send it directly to the <a href="">Struts Security
team</a>. This will give us the possibility
+to prepare a new release with your patch in secret.</p>
+<p>Have fun and code!</p>

View raw message