Hi, On Wed, May 6, 2026 at 1:36 PM Richard Eckart de Castilho <[email protected]> wrote:
> Hi, > > > On 6. May 2026, at 20:30, Ernesto Reinaldo Barreiro <[email protected]> > wrote: > > > > Question. Shouldn't we create ISSUE for such things and add ISSUE > > number to commit? SO, that the ISSUE is reported on release and it is > > clear that this is a security fix, requiring us to warn users they > > should upgrade? > > Please have a look at the ASF guidelines for handling vulnerabilities: > > https://www.apache.org/security/committers.html > > In particular: > > https://www.apache.org/security/committers.html#work-in-private Clear... 10. The project team commits the fix. Do not make any reference that the commit relates to a security vulnerability. Thanks for making it clear to me. > I believe it will answer your questions :) > > Cheers, > > -- Richard > > -- Regards - Ernesto Reinaldo Barreiro Apache Wicket Committer
