We still need to create a security site. Commons Compress can be used as an example for this. I don't have time to do it right now.
Benedikt Benedikt Ritter <brit...@apache.org> schrieb am Do., 30. Juni 2016 um 12:41 Uhr: > Hello Bernd, > > I've fixed this in revision 14202 in the dist area. Does this work for you? > > Benedikt > > Bernd <e...@zusammenkunft.net> schrieb am Di., 28. Juni 2016 um 13:38 Uhr: > >> Hello, >> >> I was trying to come up with a Victims-cve-db entry for CVE-2016-3092 and >> I >> noticed a few odd things ( >> https://github.com/victims/victims-cve-db/pull/47 >> ): >> >> a) the original mail from Jochen did contain a link to a security page but >> Commons FileUpload does not have one: >> >> >> http://mail-archives.us.apache.org/mod_mbox/www-announce/201606.mbox/%3c45a20804-abff-4fed-a297-69ac95ab9...@apache.org%3E >> >> -> https://commons.apache.org/proper/commons-fileupload/security.html >> >> b) the change for the release notes is only in trunk, not published >> to the site or the archives. This makes it hard to link to a >> definitive source. >> >> Gruss >> Bernd >> >
