This is an automated email from the ASF dual-hosted git repository.

milamber pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jmeter.git


The following commit(s) were added to refs/heads/master by this push:
     new 0f9be6642c docs: add security page to the website
0f9be6642c is described below

commit 0f9be6642c0e74475e2f4851a7129a18a68c1e13
Author: Arnout Engelen <[email protected]>
AuthorDate: Wed Feb 1 11:28:18 2023 +0100

    docs: add security page to the website
    
    Tested with `./gradlew buildPreviewSite`
    
    See https://github.com/apache/jmeter/pull/5768
---
 xdocs/security.xml            | 56 +++++++++++++++++++++++++++++++++++++++++++
 xdocs/stylesheets/project.xml |  2 +-
 2 files changed, 57 insertions(+), 1 deletion(-)

diff --git a/xdocs/security.xml b/xdocs/security.xml
new file mode 100644
index 0000000000..2ccf4b296f
--- /dev/null
+++ b/xdocs/security.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one or more
+  ~ contributor license agreements.  See the NOTICE file distributed with
+  ~ this work for additional information regarding copyright ownership.
+  ~ The ASF licenses this file to you under the Apache License, Version 2.0
+  ~ (the "License"); you may not use this file except in compliance with
+  ~ the License.  You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<document>
+<properties>
+    <title>Security</title>
+</properties>
+<body>
+<section name="Security Model">
+  <p>
+    The purpose of JMeter is to execute the workload specified
+    in the input jmx file, which may include arbitrary code.
+  </p>
+  <p>
+    As such, the JMeter security model assumes you trust
+    jmx input files: even opening a jmx input file may in some
+    cases trigger code execution. If you want to use JMeter to
+    evaluate untrusted jmx files, it is up to you to provide the
+    required isolation.
+  </p>
+</section>
+<section name="Reporting security issues">
+  <p>
+    We strongly encourage you to report potential security vulnerabilities to 
our private security mailing list, <a 
href="mailto:[email protected]";>[email protected]</a>, before disclosing 
them in a public forum.
+  </p>
+  <p>
+    Only use this list to report undisclosed security vulnerabilities in 
Apache projects and manage the process of fixing such vulnerabilities. We 
cannot accept regular bug reports or other security-related queries at these 
addresses. We will ignore mail sent to these addresses that does not relate to 
an undisclosed security problem in an Apache project.
+  </p>
+  <p>
+    An overview of the vulnerability handling process is:
+    <ul>
+    <li>The reporter reports the vulnerability privately to Apache.</li>
+    <li>The appropriate project's security team works privately with the 
reporter to resolve the vulnerability.</li>
+    <li>The project creates a new release of the package the vulnerabilty 
affects to deliver its fix.</li>
+    <li>The project publicly announces the vulnerability and describes how to 
apply the fix.</li>
+    </ul>
+    Committers should read a <a 
href="https://www.apache.org/security/committers.html";>more detailed 
description of the process</a>. Reporters of security vulnerabilities may also 
find it useful.
+  </p>
+</section>
+</body>
+</document>
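Review bot: the "Security Model" section tells users that evaluating untrusted jmx files requires isolation they must provide themselves, but gives no hint of what counts as adequate (for instance a disposable VM or container with no network access and no credentials available to it); one sentence of guidance, or a link to it, would make the trust boundary actionable rather than merely stated, and would also make clear that reports of code execution triggered by a trusted jmx file fall outside the vulnerability process described below. Two smaller points in the same hunk: `vulnerabilty` in the third list item of the process overview is misspelled, and the `<ul>` is nested inside a `<p>` in the last paragraph, which is not valid XHTML (block content inside a paragraph) and may render as a prematurely closed paragraph depending on the xdocs stylesheet; closing the `<p>` before the list and opening a new one after it avoids that. The mailing-list paragraph also refers to "these addresses" while only one address is given.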
diff --git a/xdocs/stylesheets/project.xml b/xdocs/stylesheets/project.xml
index 7fb0834801..113277f8cc 100644
--- a/xdocs/stylesheets/project.xml
+++ b/xdocs/stylesheets/project.xml
@@ -53,7 +53,7 @@
      </menu>
      <menu name="Community">
         <item name="Issue Tracking"      href="/issues.html"/>
-        <item name="Security"            
href="https://www.apache.org/security/"/>
+        <item name="Security"            href="/security.html"/>
         <item name="Mailing Lists"       href="/mail.html"/>
         <item name="Source Repositories"    href="/svnindex.html"/>
         <item name="Building and Contributing"    href="/building.html"/>
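Review bot: pointing the Community menu at the project's own /security.html drops the only link to https://www.apache.org/security/, and the new page itself links only to the committer-oriented process description; consider adding a link to the general ASF security page from security.xml so the reporting guidance and advisory information previously reachable from the menu is not lost.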
