Repository: incubator-freemarker-site Updated Branches: refs/heads/master db4cd5926 -> d215bf4e3
Added a simple page to describe how to report security vulnerabilities. Project: http://git-wip-us.apache.org/repos/asf/incubator-freemarker-site/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-freemarker-site/commit/cd504f88 Tree: http://git-wip-us.apache.org/repos/asf/incubator-freemarker-site/tree/cd504f88 Diff: http://git-wip-us.apache.org/repos/asf/incubator-freemarker-site/diff/cd504f88 Branch: refs/heads/master Commit: cd504f88e776a3446adf9a4a3214cdfa1ab32aaf Parents: db4cd59 Author: Jacopo Cappellato <jacopo.cappell...@gmail.com> Authored: Sun Jan 22 17:01:18 2017 +0100 Committer: Jacopo Cappellato <jacopo.cappell...@gmail.com> Committed: Sun Jan 22 17:01:18 2017 +0100 ---------------------------------------------------------------------- src/main/docgen/book.xml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-freemarker-site/blob/cd504f88/src/main/docgen/book.xml ---------------------------------------------------------------------- diff --git a/src/main/docgen/book.xml b/src/main/docgen/book.xml index ebf9ba4..f06c5e7 100644 --- a/src/main/docgen/book.xml +++ b/src/main/docgen/book.xml @@ -537,6 +537,27 @@ two freemarker.jar-s and unpredictable behavior! <para/> </section> + <section xml:id="security"> <title>Security reports</title> + <para>We strongly encourage to report security vulnerabilities to our + private mailing list first, rather than disclosing them in a public + forum. The private security mailing address is: + <olink targetdoc="privateMailingList"> + <link xlink:href="mailto:priv...@freemarker.incubator.apache.org";> + priv...@freemarker.incubator.apache.org + </link> + </olink> + </para> + + <para>Please note that this mailing list should only be used for + reporting undisclosed security vulnerabilities in Apache FreeMarker and + managing the process of fixing such vulnerabilities. We cannot accept + regular bug reports or other queries at this address.</para> + + <para>If you need to report a bug that isn't an undisclosed security + vulnerability, please use + <olink targetdoc="newBugReport">Report bugs</olink>.</para> + </section> + <section> <title><olink targetdoc="newStackOverflowQuestion">Ask help on Stack Overflow</olink></title>
