add a project specific (mostly empty) security page
Project: http://git-wip-us.apache.org/repos/asf/logging-log4net/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4net/commit/44a62bdb Tree: http://git-wip-us.apache.org/repos/asf/logging-log4net/tree/44a62bdb Diff: http://git-wip-us.apache.org/repos/asf/logging-log4net/diff/44a62bdb Branch: refs/heads/feature/RollingFileAppender-NG Commit: 44a62bdba9fe737c16056e4b34cbee72718edf95 Parents: a0329e0 Author: Stefan Bodewig <bode...@apache.org> Authored: Wed Jan 31 16:51:55 2018 +0100 Committer: Stefan Bodewig <bode...@apache.org> Committed: Wed Jan 31 16:51:55 2018 +0100 ---------------------------------------------------------------------- src/site/site.xml | 5 +- src/site/xdoc/release/security-reports.xml | 64 +++++++++++++++++++++++++ 2 files changed, 67 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/logging-log4net/blob/44a62bdb/src/site/site.xml ---------------------------------------------------------------------- diff --git a/src/site/site.xml b/src/site/site.xml index aefdd5c..aa20cb6 100644 --- a/src/site/site.xml +++ b/src/site/site.xml @@ -30,6 +30,7 @@ <menu name="Apache log4net" inherit="top" img="icon-home"> <item name="About" href="/index.html"/> <item name="Download" href="/download_log4net.cgi"/> + <item name="Security Reports" href="/release/security-reports.html"/> <item name="Release Notes" href="/release/release-notes.html"/> <item name="License" href="/license.html"/> </menu> @@ -66,8 +67,8 @@ </menu> <menu name="Apache" inherit="top" img="icon-info-sign"> - <item name="Home" href="http://www.apache.org/"/> - <item name="License" href="http://www.apache.org/licenses/"/> + <item name="Home" href="http://www.apache.org/"/> + <item name="License" href="http://www.apache.org/licenses/"/> <item name="Sponsorship" href="http://www.apache.org/foundation/sponsorship.html"/> <item name="Thanks" href="http://www.apache.org/foundation/thanks.html"/> <item name="Security" href="http://www.apache.org/security/"/> http://git-wip-us.apache.org/repos/asf/logging-log4net/blob/44a62bdb/src/site/xdoc/release/security-reports.xml ---------------------------------------------------------------------- diff --git a/src/site/xdoc/release/security-reports.xml b/src/site/xdoc/release/security-reports.xml new file mode 100644 index 0000000..30c57bd --- /dev/null +++ b/src/site/xdoc/release/security-reports.xml @@ -0,0 +1,64 @@ +<?xml version="1.0"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<document> + <properties> + <title>Apache log4net: Security Reports</title> + <author email="d...@logging.apache.org">Logging Documentation Team</author> + </properties> + <body> + <section name="General Information"> + <p>For information about reporting or asking questions about + security problems, please see the <a + href="https://logging.apache.org/security.html";>security page + of the Logging project</a>.</p> + </section> + + <section name="Apache log4net Security Vulnerabilities"> + <p>This page lists all security vulnerabilities fixed in + released versions of Apache log4net. Each + vulnerability is given a security impact rating by the + development team - please note that this rating may vary from + platform to platform. We also list the versions of log4net the + flaw is known to affect, and where a flaw has not + been verified list the version with a question mark.</p> + + <p>Please note that binary patches are never provided. If you + need to apply a source code patch, use the building + instructions for the log4net version that you are + using.</p> + + <p>If you need help on building log4net or other help + on following the instructions to mitigate the known + vulnerabilities listed here, please send your questions to the + public <a href="../mail-lists.html">Logging Users mailing + list</a>.</p> + + <p>If you have encountered an unlisted security vulnerability + or other unexpected behaviour that has security impact, or if + the descriptions here are incomplete, please report them + privately to the Apache Security Team. Thank you.</p> + + </section> + + <section name="Errors and Ommissions"> + <p>Please report any errors or omissions to <a + href="../mail-lists.html">the dev mailing list</a>.</p> + </section> + </body> +</document>
