(openmeetings) branch master updated: [OPENMEETINGS-2792] notice regarding personal details in the logs is added (#199)

Sat, 06 Sep 2025 21:14:43 -0700 

This is an automated email from the ASF dual-hosted git repository.

solomax pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/openmeetings.git


The following commit(s) were added to refs/heads/master by this push:
     new 8e71523a2 [OPENMEETINGS-2792] notice regarding personal details in the 
logs is added (#199)
8e71523a2 is described below

commit 8e71523a211d1b06690eaf8cab2957bd6ce16397
Author: Maxim Solodovnik <[email protected]>
AuthorDate: Fri Sep 5 19:58:41 2025 +0700

    [OPENMEETINGS-2792] notice regarding personal details in the logs is added 
(#199)
    
    * [OPENMEETINGS-2792] notice regarding personal details in the logs is added
    
    * Update openmeetings-server/src/site/xdoc/security.xml
    
    Co-authored-by: Arnout Engelen <[email protected]>
    
    ---------
    
    Co-authored-by: Arnout Engelen <[email protected]>
---
 openmeetings-server/src/site/xdoc/security.xml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/openmeetings-server/src/site/xdoc/security.xml 
b/openmeetings-server/src/site/xdoc/security.xml
index 53bf8b701..82fe7a6a5 100644
--- a/openmeetings-server/src/site/xdoc/security.xml
+++ b/openmeetings-server/src/site/xdoc/security.xml
@@ -30,13 +30,20 @@
                                <a 
href="https://www.apache.org/security/";>Apache Security Team</a> page.<br/>
                                <br/>
                                <a 
href="https://www.apache.org/security/committers.html#vulnerability-handling";>Vulnerability
 handling guide</a>
+                               <br/>
                        </p>
                        <p>
-                               REFERENCES -> permalink to the announce email 
in archives<br/>
+                               REFERENCES -&gt; permalink to the announce 
email in archives<br/>
                                Going forward, please include the <b>product 
and version information</b> in the <b>description</b> itself
                                as well as in the "[PRODUCT]" and "[VERSION]" 
lines in your submissions.
                                While this may seem redundant, including the 
information in both places satisfies different use cases and supports 
automation.
                        </p>
+                       <div class="bd-callout bd-callout-info">
+                               IMPORTANT: We do our best to provide logging 
config with enough details so you can audit your OpenMeetings instance.
+                               But depending on your current config logs might 
contain sensitive info.<br/>
+                               Please contact <code>security (at) openmeetings 
(dot) apache (dot) org</code> if you find a place where we still log sensitive 
information, so we can improve the defaults.<br/>
+                               Please contact <code>user (at) openmeetings 
(dot) apache (dot) org</code> if you have any questions regarding logging config
+                       </div>
                </section>
                <section name="Reporting New Security Problems">
                        <p>

Reply via email to