On Mon, Mar 18, 2024 at 5:50 PM James Dailey <jdai...@apache.org> wrote:
> The CVEs are also documented here:
>
> https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report
>

Congratulations on releasing those fixes!

The ASF vulnerability handling policy (https://apache.org/security/committers.html) includes publishing the advisories to various mailing lists (step 16). AFAICS that hasn't happened yet. It might be worth fixing up the version ranges and publishing those notification emails. Do you want me to take care of that on your behalf?

> With Yash Sancheti helping, we created a How to Secure Fineract page.
> Additional best practices should be shared there or on list to ensure that
> all instances of Fineract are kept secure.
>
> https://cwiki.apache.org/confluence/display/FINERACT/Securing+Fineract
>

That looks really great, thanks! Perhaps the 'Security' link at the bottom of the website should link here instead of to the generic https://www.apache.org/security?

Kind regards,

--
Arnout Engelen
ASF Security Response
Apache Pekko PMC member, ASF Member
NixOS Committer
Independent Open Source consultant