This is an automated email from the ASF dual-hosted git repository.
ddekany pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/freemarker-site.git
The following commit(s) were added to refs/heads/master by this push:
new ef8db46 Changed security vulnerability reporting address to
[email protected]. Added link to user uploaded templates FAQ.
ef8db46 is described below
commit ef8db46148dce4a66e35f3989a3eac6c5cfcf67c
Author: ddekany <[email protected]>
AuthorDate: Sat Mar 28 10:29:53 2020 +0100
Changed security vulnerability reporting address to [email protected].
Added link to user uploaded templates FAQ.
---
src/main/docgen/book.xml | 15 ++++++---------
src/main/docgen/docgen.cjson | 2 ++
2 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/src/main/docgen/book.xml b/src/main/docgen/book.xml
index bf4d27d..b6091a7 100644
--- a/src/main/docgen/book.xml
+++ b/src/main/docgen/book.xml
@@ -483,15 +483,12 @@ two freemarker.jar-s and unpredictable behavior!
<section xml:id="report-security-vulnerabilities">
<title>Report security vulnerability</title>
- <para>We strongly encourage to report security vulnerabilities to our
- private mailing list first, rather than disclosing them in a public
- forum. The private security mailing address is: <olink
- targetdoc="privateMailingList"/></para>
-
- <para>Please note that this mailing list should only be used for
- reporting undisclosed security vulnerabilities in Apache FreeMarker and
- managing the process of fixing such vulnerabilities. We cannot accept
- regular bug reports or other queries at this address.</para>
+ <para>We strongly encourage to report security vulnerabilities to <olink
+ targetdoc="securityMailingList"/>, rather than disclosing them publicly.
+ Please indicate in the subject that the mail is about FreeMarker! Also,
+ if this is about templates edited by untrusted users, please consider
+ <olink targetdoc="templateUploadingSecurityFaq">this FAQ entry</olink>
+ first.</para>
<para>If you want to report a bug that isn't an undisclosed security
vulnerability, please use <olink targetdoc="newBugReport">our regular
diff --git a/src/main/docgen/docgen.cjson b/src/main/docgen/docgen.cjson
index 2c26893..ed914b8 100644
--- a/src/main/docgen/docgen.cjson
+++ b/src/main/docgen/docgen.cjson
@@ -78,6 +78,7 @@ olinks: {
githubMirrorOnlineTester:
"https://github.com/apache/freemarker-online-tester";
githubProject: "olink:githubMirrorFreemarker"
githubProjectOld: "https://github.com/freemarker/";
+ securityMailingList: "mailto:[email protected]";
privateMailingList: "mailto:[email protected]";
devMailingList: "mailto:[email protected]";
devMailingListSubscribe: "mailto:[email protected]";
@@ -94,6 +95,7 @@ olinks: {
asfHome: "http://www.apache.org/";
asfIncubator: "http://incubator.apache.org/";
asfLicense: "http://www.apache.org/licenses/";
+ templateUploadingSecurityFaq:
"https://freemarker.apache.org/docs/app_faq.html#faq_template_uploading_security";
emacsPluginDownload:
"https://sourceforge.net/projects/freemarker/files/editor-plugins/ftl.el/download";
kwritePluginDownload:
"https://sourceforge.net/projects/freemarker/files/editor-plugins/kwriteftl.tar.gz/download";
