Sorry, it's deleted now. We will be more careful in the future. Thanks for the vigilance, Larry.
Casey On Thu, Jun 2, 2016 at 1:24 PM, larry mccay <[email protected]> wrote: > All - > > Please become familiar with of the Apache process for reporting, > discussing, filing JIRAs and fixing security vulnerabilities [1]. > > METRON-198 has exposed more than we should in a public manner and the > attached report should be removed. > > Details of any particular issues should only be discussed on a project's > security or private list and it needs to also include the [email protected] > list. > > Fixes need to be discussed and agreed upon on the private list and JIRAs > filed to commit the fix should be vague and as general as possible - so as > not to disclose the details of the vulnerabilities and inform the > development of exploits. > > Also, pay attention to the CVE related aspects of the process in the page > referenced below. > > thanks, > > --larry > > 1. http://www.apache.org/security/committers.html >
