This is an automated email from the ASF dual-hosted git repository.
linkinstar pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/answer-website.git
The following commit(s) were added to refs/heads/main by this push:
new 2211d22e1 docs: make security pages easier to find
2211d22e1 is described below
commit 2211d22e130704f9631ee31df8aa841b48e79e37
Author: Arnout Engelen <[email protected]>
AuthorDate: Wed Feb 26 10:10:42 2025 +0100
docs: make security pages easier to find
Add links between security pages, and don't link to the ASF-wide
security page from the menu to increase the chance that a user sees the
answer-specific security pages first.
---
community/security-model.md | 4 +++-
community/security.md | 2 +-
docusaurus.config.js | 2 +-
3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/community/security-model.md b/community/security-model.md
index 59fda5913..2295b2a9f 100644
--- a/community/security-model.md
+++ b/community/security-model.md
@@ -6,6 +6,8 @@ slug: /security-model
This document outlines the security model of Apache Answer. It aims to help
users understand the security model and make informed decisions about deploying
and managing Apache Answer securely.
+If you think you have found behavior in Apache Answer that does not follow
this security model, please [report it](/community/security) to us privately.
+
## Admin Permission Security
**Admin users have full system permissions**, which includes access to
potentially vulnerable operations. While we assume administrators won't attack
their own websites, it's crucial to exercise caution when assigning admin
privileges.
@@ -26,4 +28,4 @@ Apache Answer only guarantees the security of official
plugins distributed throu
If you find a security bug, with that in mind, please do not file public
issues. You can follow the instructions in the [security
policy](https://github.com/apache/answer/security/policy) to report it
privately. We will fix it as soon as possible.
-:::
\ No newline at end of file
+:::
diff --git a/community/security.md b/community/security.md
index 4e58e0fe7..4574eb750 100644
--- a/community/security.md
+++ b/community/security.md
@@ -4,7 +4,7 @@ slug: /security
# Security
-The Apache Software Foundation takes a rigorous stance on eliminating security
issues in its software projects. If you find a security bug, with that in mind,
please do not file public issues. You can follow the instructions in the
[security policy](https://github.com/apache/answer/security/policy) to report
it privately. We will fix it as soon as possible.
+The Apache Software Foundation takes a rigorous stance on eliminating security
issues in its software projects. If you find a security bug, with that in mind,
please do not file public issues. Before reporting a security issue, check the
[security model](/community/security-model). You can follow the instructions in
the [security policy](https://github.com/apache/answer/security/policy) to
report it privately. We will fix it as soon as possible.
# Security fixes
diff --git a/docusaurus.config.js b/docusaurus.config.js
index fde18e866..f301b9610 100644
--- a/docusaurus.config.js
+++ b/docusaurus.config.js
@@ -9,7 +9,7 @@ const asfLinks = [
{to: 'https://www.apache.org/events/current-event.html', label: 'Events'},
{to: 'https://www.apache.org/foundation/sponsorship.html', label:
'Sponsorship'},
{to: 'https://privacy.apache.org/policies/privacy-policy-public.html',
label: 'Privacy'},
- {to: 'https://www.apache.org/security/', label: 'Security'},
+ {to: 'community/security', label: 'Security'},
{to: 'https://www.apache.org/foundation/thanks.html', label: 'Thanks'},
];
const redirectPaths = require('./redirects.js');
