This is an automated email from the ASF dual-hosted git repository. pkarwasz pushed a commit to branch feature/threat-model in repository https://gitbox.apache.org/repos/asf/logging-site.git
commit 1770312bdfce20f9794aaeb842534d91d218f19c Author: Piotr P. Karwasz <[email protected]> AuthorDate: Wed Mar 19 12:52:28 2025 +0100 tmp --- _threat-model-common.adoc | 8 ++++---- security.adoc | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/_threat-model-common.adoc b/_threat-model-common.adoc index 5698d334..44f2726b 100644 --- a/_threat-model-common.adoc +++ b/_threat-model-common.adoc @@ -16,19 +16,19 @@ //// [#threat-common] -=== Common threat model += Common threat model Below we share the threat model shared by all Logging Services projects. [#threat-common-code-signing] -==== Code signing +== Code signing All Logging Services software release distributions are signed using GPG using a key from the Logging Services PMC https://downloads.apache.org/logging/KEYS[KEYS file]. Information on how to verify releases signatures are explained further in xref:download.adoc[the Download page]. Thus, GPG signatures should be validated in your build process. [#threat-common-config-sources] -==== Configuration sources +== Configuration sources All configuration sources to an application must be trusted by the programmer. When loading a configuration file from disk (especially when a monitor interval is configured to reload the file periodically), the location of the configuration file must be kept safe from unauthorized modifications. Similarly, when loading a configuration file over the network such as through HTTP, this should be configured to use TLS or a secure connection in general with strong authentication guarantees. @@ -40,7 +40,7 @@ When configurations are provided through JNDI, these should only use the `java` JNDI-sourced configurations should not use other JNDI providers such as LDAP, DNS, or RMI, as all these providers are difficult to properly secure. [#threat-common-java-serialization] -==== Java Object Serialization Stream Protocol +== Java Object Serialization Stream Protocol https://docs.oracle.com/javase/8/docs/platform/serialization/spec/protocol.html[Java Object Serialization Stream Protocol] should not be used to deserialize data from untrusted sources. See https://owasp.org/www-community/vulnerabilities/Deserialization_of_untrusted_data[the related OWASP guide] for details. diff --git a/security.adoc b/security.adoc index 288df590..ca2aba0c 100644 --- a/security.adoc +++ b/security.adoc @@ -22,7 +22,7 @@ The Logging Services Security Team takes security seriously. This allows our users to place their trust in Log4j for protecting their mission-critical data. -In this page we will help you find guidance on security-related issues and access to known vulnerabilities. +On this page, we will help you find guidance on security-related issues and access to known vulnerabilities. include::_log4j1-eol.adoc[] @@ -48,7 +48,7 @@ We urge you to **carefully read the threat model** detailed in following section It guides users on certain safety instructions while using Logging Services software and elaborates on what counts as an unexpected behaviour that has a security impact. ==== -include::_threat-model-common.adoc[] +include::_threat-model-common.adoc[leveloffset=+1] include::_threat-model-log4j.adoc[]
