ppkarwasz commented on code in PR #10: URL: https://github.com/apache/logging-site/pull/10#discussion_r2273381095
########## _threat-model-common.adoc: ########## @@ -16,31 +16,129 @@ //// [#threat-common] -=== Common threat model += Common threat model -Below we share the threat model shared by all Logging Services projects. +All the logging frameworks maintained by Apache Logging Services (https://logging.apache.org/log4cxx/index.html[Log4cxx], +https://logging.apache.org/log4j/index.html[Log4j] +and +https://logging.apache.org/log4net/index.html[Log4net]) face similar challenges from malicious actors. +The following sections contain the most common threats that a logging framework faces and the assumptions on the origin of various trusted data. +Vulnerability reports that don't follow those assumptions will not be accepted and are **not** eligible for our +https://yeswehack.com/programs/log4j-bug-bounty-program[Bug Bounty Program]. Review Comment: Fixed in https://github.com/apache/logging-site/pull/10/commits/6423e0f077333c2a5ca0859de03860db7b06adeb -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@logging.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
