Re: [Geoserver-users] Security update notifications

Tue, 11 Apr 2017 05:58:29 -0700 

Hi Clifford,
I don't think so, though I can see how it would be useful.

The blog has a "vulnerability" category, though little used:
http://blog.geoserver.org/category/vulnerability/
And a tag for "security" (also little used):
http://blog.geoserver.org/tag/security/

On JIRA, it looks like there is a "Vulnerability" "component":
https://osgeo-org.atlassian.net/browse/GEOS-8041?jql=project%20%3D%20GEOS%20AND%20component%20%3D%20Vulnerability

and a "label" for "security":
https://osgeo-org.atlassian.net/browse/GEOS-7744?jql=labels%20%3D%20security

As to how often they're not used when they should be? No idea.

The release notes for a specific version usually do mention textually (even if 
not as a category/label/tag/whatever) that something is a security issue.

Cheers,
Jonathan



---- On Mon, 10 Apr 2017 18:44:24 +0100  Clifford M CIV NAVOCEANO, N642 Harms 
<[email protected]> wrote ---- 

As an organization using GeoServer in a production environment, I was wondering 
if there is an existing mailing list or some other mechanism that can notify me 
when a geoserver update resolves security issues (particularly application 
vulnerabilities)? If no such thing exists, it may be possible to do this for 
myself with a filter subscription in the OSGeo JIRA instance. Are there any 
issue attributes (labels, issue types, etc.) that are reliably and consistently 
used to mark issues related to application vulnerabilities? 
 
Thanks. 
Clifford M. Harms 
 
 
------------------------------------------------------------------------------ 
Check out the vibrant tech community on one of the world's most 
engaging tech sites, Slashdot.org! 
http://sdm.link/slashdot_______________________________________________ 
Geoserver-users mailing list 
[email protected] 
https://lists.sourceforge.net/lists/listinfo/geoserver-users 






------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Reply via email to