I can try to do that this weekend.  I assume master?

Chris Snider
Senior Software Engineer

From: andrea.a...@gmail.com On Behalf Of Andrea Aime
Sent: Thursday, June 07, 2018 8:25 AM
To: Chris Snider <chris.sni...@polarisalpha.com>
Cc: Dave Wichers <dave.wich...@ey.com>; geoserver-users@lists.sourceforge.net
Subject: Re: [Geoserver-users] Known vulnerability in commons-fileupload v1.2.1, used by geoserver

Hi Chris,
that's a sensible suggestion. The web site is on GitHub, any chance you could do 
a pull request? I'm swamped...

https://github.com/geoserver/geoserver.github.io

Cheers
Andrea


On Thu, Jun 7, 2018 at 4:18 PM, Chris Snider <chris.sni...@polarisalpha.com> wrote:
Andrea,

It took me a second to find the security block.  I completely overlooked the 
blue field.

Maybe add a new header under the “User List”
<h3>User List</h3>
This list is for end users blah blah blah

<h3>Reporting Security Vulnerabilities</h3>
If you encounter a security vulnerability blah blah blah

<h3>Posting Guidelines</h3>
Please read through etc. etc. etc.
Thought I’d say blah again didn’t you

<h3>Developer Lists</h3>
The rest of the page, and so on



This might draw attention?

Chris Snider
Senior Software Engineer

From: Andrea Aime <andrea.a...@geo-solutions.it>
Sent: Thursday, June 07, 2018 12:23 AM
To: Dave Wichers <dave.wich...@ey.com>
Cc: geoserver-users@lists.sourceforge.net
Subject: Re: [Geoserver-users] Known vulnerability in commons-fileupload v1.2.1, used by geoserver

The comm page, where I believe you found info on registering for the user list,
has a clear warning not to post security vulnerabilities:

http://geoserver.org/comm/

"If you encounter a security vulnerability in GeoServer please take care to 
report the issue in a responsible fashion. Do not use the mailing list, go 
instead to the Jira bug tracker and follow the "Responsible disclosure" 
instructions there."

How do we make it more plain and evident so that grave mistakes do not occur 
anymore in the future?
Maybe we should switch the background color of that box to red...

Regards
Andrea

<removed>


