This is an automated email from the ASF dual-hosted git repository.

jacopoc pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git

commit ab2872a1879561045f347c1cf9cfd6b6ac1fb1aa
Author: Jacopo Cappellato <[email protected]>
AuthorDate: Tue Feb 24 11:16:36 2026 +0100

    Improved: Enhance security vulnerability reporting guidelines on the security page
---
 security.html                  | 2 ++
 template/page/security.tpl.php | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/security.html b/security.html
index bbd3d22..81d4309 100644
--- a/security.html
+++ b/security.html
@@ -132,6 +132,8 @@
 
              <h2>Reporting a Security Vulnerability</h2>
              Security vulnerabilities should be reported privately to the 
Apache OFBiz Security Team following ASF security reporting guidelines at: 
<strong>[email protected]</strong>.<br/>
+             Before submitting a report, please carefully review the <a 
href="https://github.com/apache/ofbiz-framework/blob/trunk/SECURITY.md"; 
target="external">OFBiz Security Model</a> to ensure the issue falls within the 
project's defined security scope and assumptions.<br/>
+             Please submit each vulnerability report in a separate email to 
facilitate efficient tracking and resolution.<br/>
              Please do not report security issues through public issue 
trackers or mailing lists.<br/>
              The OFBiz Security Team will acknowledge receipt of the report 
and work with the reporter to investigate and address the issue.
 
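Review bot: the added link line has a stray `;` between the closing quote of the `href` value and `target="external"`, which is not valid between attributes; remove it if it is present in the committed file and not an artifact of how this mail was rendered. The link also opens in a named window via `target="external"` without a `rel` attribute; adding `rel="noopener"` would keep the opened page from getting a handle on the security page's window.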
diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php
index 67be357..d71c9a0 100644
--- a/template/page/security.tpl.php
+++ b/template/page/security.tpl.php
@@ -33,6 +33,8 @@
 
              <h2>Reporting a Security Vulnerability</h2>
              Security vulnerabilities should be reported privately to the 
Apache OFBiz Security Team following ASF security reporting guidelines at: 
<strong>[email protected]</strong>.<br/>
+             Before submitting a report, please carefully review the <a 
href="https://github.com/apache/ofbiz-framework/blob/trunk/SECURITY.md"; 
target="external">OFBiz Security Model</a> to ensure the issue falls within the 
project's defined security scope and assumptions.<br/>
+             Please submit each vulnerability report in a separate email to 
facilitate efficient tracking and resolution.<br/>
              Please do not report security issues through public issue 
trackers or mailing lists.<br/>
              The OFBiz Security Team will acknowledge receipt of the report 
and work with the reporter to investigate and address the issue.
 
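Review bot: the added scope sentence asks reporters to check that the issue falls within the security model but does not say what to do when it does not, and the unchanged sentence two lines below rules out public issue trackers and mailing lists for security issues, so an out-of-scope finding has no stated channel. A short clause naming where such reports should go would close that gap. The two added lines are identical to those added to security.html, so any fix to the link markup belongs in both files, or in this template only if security.html is generated from it.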
