Dear Wiki user, You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for change notification.
The "Security" page has been changed by JoanTouzet: https://wiki.apache.org/couchdb/Security?action=diff&rev1=3&rev2=4 Comment: decom, point to official docs instead <<Include(EditTheWiki)>> - = Security = + Please see our [[http://docs.couchdb.org/en/stable/cve/index.html|documentation and official process]] instead. - This page explains the CouchDB and Apache Security Policies and links to a list of known vulnerabilities. - - == List of Vulnerabilities == - - * 31.03.2010: [[http://markmail.org/message/7x6ljrjsj5u3zr4h|CVE-2010-0009]] affects all versions of Apache CouchDB prior to 0.11.0. - * 21.02.2010: [[http://mail-archives.apache.org/mod_mbox/couchdb-dev/201008.mbox/%%3cd105f928-15c0-403a-a958-1fd2648f5...@apache.org%%3e|CVE-2010-2234]] affects all versions of Apache CouchDB prior to 0.11.2. - * 28.01.2011: [[http://mail-archives.apache.org/mod_mbox/couchdb-dev/201101.mbox/%%3cc840f655-c8c5-4ec6-8aa8-dd223e39c...@apache.org%%3e|CVE-2010-3854]] affects all versions of Apache CouchDB prior to 1.0.1. - * 14.01.2013: [[http://markmail.org/thread/67bpkke5yr42cur5 | CVE-2012-5641 ]] affects all versions. - * 14.01.2013: [[http://markmail.org/thread/d6pwilyhs36xxdiv | CVE-2012-5650 ]] affects all versions. - * 14.01.2013: [[http://markmail.org/thread/r3btufgy4ahnw76e | CVE-2012-5651 ]] affects all versions. - - - == Reporting New Security Problems with Apache CouchDB == - - The Apache Software Foundation takes a very active stance in eliminating security problems and denial of service attacks against Apache CouchDB. - - We strongly encourage folks to report such problems to our private security mailing list first, before disclosing them in a public forum. - - Please note that the security mailing list should only be used for reporting undisclosed security vulnerabilities in Apache CouchDB and managing the process of - fixing such vulnerabilities. We cannot accept regular bug reports or other queries at this address. 
All mail sent to this address that does not relate to an undisclosed - security problem in the Apache CouchDB source code will be ignored. - - If you need to report a bug that isn't an undisclosed security vulnerability, please use [[https://issues.apache.org/jira/browse/COUCHDB|the bug reporting page]]. - - Questions about: - - * how to configure CouchDB securely - * if a vulnerability applies to your particular application - * obtaining further information on a published vulnerability - * availability of patches and/or new releases - - should be address to the [users mailing list][lists]. Please see [[http://wiki.apache.org/couchdb/Mailing%20lists|the mailing lists page]] for details of how to subscribe. - - The private security mailing address is: [[mailto:secur...@couchdb.apache.org|secur...@couchdb.apache.org]] - - Please read [[http://www.apache.org/security/committers.html|how the Apache Software Foundation handles security]] - reports to know what to expect. - - Note that all networked servers are subject to denial of service attacks, and we cannot promise magic workarounds to generic problems (such as a client streaming lots of data to your server, or re-requesting the same URL repeatedly). In general our philosophy is to avoid any attacks which can cause the server to consume resources in a non-linear relationship to the size of inputs. -
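Review bot: The added line links to http://docs.couchdb.org/en/stable/cve/index.html over plain HTTP, and after this change it is the page's only pointer to the vulnerability list and the reporting process; suggest the https:// form of the URL. The same line also replaces the removed request to report problems to the private security mailing list before disclosing them in a public forum, so consider keeping one sentence to that effect beside the link, so that a reader who stops at this page still sees it.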