All - Please become familiar with of the Apache process for reporting, discussing, filing JIRAs and fixing security vulnerabilities [1].
METRON-198 has exposed more than we should in a public manner and the attached report should be removed. Details of any particular issues should only be discussed on a project's security or private list and it needs to also include the [email protected] list. Fixes need to be discussed and agreed upon on the private list and JIRAs filed to commit the fix should be vague and as general as possible - so as not to disclose the details of the vulnerabilities and inform the development of exploits. Also, pay attention to the CVE related aspects of the process in the page referenced below. thanks, --larry 1. http://www.apache.org/security/committers.html
