Hey Vishwas, Apparently your announcement was not accepted to the [email protected] list. If you've received an explanation for why, I'd be curious to know what it is. I assume you are working on formulating a mail that is accepted?
If you need help with anything, let me know. Also if you want examples of successful announcements, you can use: https://lists.apache.org/[email protected] Go to advanced search and look for mails with CVE in the subject line. Best Regards, Myrle On Wed, Oct 16, 2019 at 8:26 AM Vishwas Babu (Apache) < [email protected]> wrote: > Hello, > > The Apache Fineract project would like to hereby disclose that our 1.3.0 > > release includes a fix for CVE-2016-4977 : A known vulnerability in spring > > security upstream dependencies allowed malicious users to trigger remote code > > execution. See https://nvd.nist.gov/vuln/detail/CVE-2016-4977 for details of > > the upstream CVE. > > We would like to thank Roberto ([email protected]) for reporting > > this issue and the Apache Security team for their assistance. > > Additional details at > https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report. > > Regards, > Vishwas > >
