Thanks - please. Sent from Gmail Mobile
On Fri, Mar 29, 2024 at 3:37 AM Arnout Engelen <enge...@apache.org> wrote:

> On Mon, Mar 18, 2024 at 5:50 PM James Dailey <jdai...@apache.org> wrote:
>
>> The CVEs are also documented here:
>>
>> https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report
>>
>
> Congratulations on releasing those fixes!
>
> The ASF vulnerability handling policy (
> https://apache.org/security/committers.html) includes publishing the
> advisories to various mailinglists (step 16). AFAICS that hasn't happened
> yet. It might be worth fixing up the version ranges and publishing those
> notification emails. Do you want me to take care of that on your behalf?
>
>

I missed that. Thought it was automatic. Yes

> With Yash Sancheti helping, we created a How to Secure Fineract page.
>> Additional best practices should be shared there or on list to ensure that
>> all instances of Fineract are kept secure.
>>
>> https://cwiki.apache.org/confluence/display/FINERACT/Securing+Fineract
>>
>
> That looks really great, thanks! Perhaps the 'Security' link at the bottom
> of the website should link here instead of to the generic
> https://www.apache.org/security?
>
>
> Kind regards,
>
> --
> Arnout Engelen
> ASF Security Response
> Apache Pekko PMC member, ASF Member
> NixOS Committer
> Independent Open Source consultant
>