[Couchdb Wiki] Update of "Security" by JoanTouzet

2018-04-12 Apache Wiki
Dear wiki user,

You have subscribed to a wiki page "Couchdb Wiki" for change notification.

The page "Security" has been deleted by JoanTouzet:

https://wiki.apache.org/couchdb/Security?action=diff=4=5

- <>
  
- Please see our 
[[http://docs.couchdb.org/en/stable/cve/index.html|documentation and official 
process]] instead.
- 
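Review bot: deleting the page outright drops the one remaining line, the pointer to `http://docs.couchdb.org/en/stable/cve/index.html`, that revision 4 added on 2018-04-06 as the replacement for the old content. Consider keeping the page as that one-line pointer, so anyone who still reaches the wiki "Security" page is sent to the documentation and official process.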


[Couchdb Wiki] Update of "Security" by JoanTouzet

2018-04-06 Apache Wiki
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Couchdb Wiki" for 
change notification.

The "Security" page has been changed by JoanTouzet:
https://wiki.apache.org/couchdb/Security?action=diff=3=4

Comment:
decom, point to official docs instead

  <>
  
- = Security =
+ Please see our 
[[http://docs.couchdb.org/en/stable/cve/index.html|documentation and official 
process]] instead.
  
- This page explains the CouchDB and Apache Security Policies and links to a 
list of known vulnerabilities.
- 
- == List of Vulnerabilities ==
- 
-  * 31.03.2010: [[http://markmail.org/message/7x6ljrjsj5u3zr4h|CVE-2010-0009]] 
affects all versions of Apache CouchDB prior to 0.11.0.
-  * 21.02.2010: 
[[http://mail-archives.apache.org/mod_mbox/couchdb-dev/201008.mbox/%%3cd105f928-15c0-403a-a958-1fd2648f5...@apache.org%%3e|CVE-2010-2234]]
 affects all versions of Apache CouchDB prior to 0.11.2.
-  * 28.01.2011: 
[[http://mail-archives.apache.org/mod_mbox/couchdb-dev/201101.mbox/%%3cc840f655-c8c5-4ec6-8aa8-dd223e39c...@apache.org%%3e|CVE-2010-3854]]
 affects all versions of Apache CouchDB prior to 1.0.1.
-  * 14.01.2013: [[http://markmail.org/thread/67bpkke5yr42cur5 | CVE-2012-5641 
]] affects all versions.
-  * 14.01.2013: [[http://markmail.org/thread/d6pwilyhs36xxdiv | CVE-2012-5650 
]] affects all versions.
-  * 14.01.2013: [[http://markmail.org/thread/r3btufgy4ahnw76e | CVE-2012-5651 
]] affects all versions.
- 
- 
- == Reporting New Security Problems with Apache CouchDB ==
- 
- The Apache Software Foundation takes a very active stance in eliminating 
security problems and denial of service attacks against Apache CouchDB.
- 
- We strongly encourage folks to report such problems to our private security 
mailing list first, before disclosing them in a public forum.
- 
- Please note that the security mailing list should only be used for reporting 
undisclosed security vulnerabilities in Apache CouchDB and managing the process 
of
- fixing such vulnerabilities. We cannot accept regular bug reports or other 
queries at this address. All mail sent to this address that does not relate to 
an undisclosed
- security problem in the Apache CouchDB source code will be ignored.
- 
- If you need to report a bug that isn't an undisclosed security vulnerability, 
please use [[https://issues.apache.org/jira/browse/COUCHDB|the bug reporting 
page]].
- 
- Questions about:
- 
-  * how to configure CouchDB securely
-  * if a vulnerability applies to your particular application
-  * obtaining further information on a published vulnerability
-  * availability of patches and/or new releases
- 
- should be address to the [users mailing list][lists]. Please see 
[[http://wiki.apache.org/couchdb/Mailing%20lists|the mailing lists page]] for 
details of how to subscribe.
- 
- The private security mailing address is: 
[[mailto:secur...@couchdb.apache.org|secur...@couchdb.apache.org]]
- 
- Please read [[http://www.apache.org/security/committers.html|how the Apache 
Software Foundation handles security]]
- reports to know what to expect.
- 
- Note that all networked servers are subject to denial of service attacks, and 
we cannot promise magic workarounds to generic problems (such as a client 
streaming lots of data to your server, or re-requesting the same URL 
repeatedly). In general our philosophy is to avoid any attacks which can cause 
the server to consume resources in a non-linear relationship to the size of 
inputs.
-
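Review bot: the single added line is now the only route to the reporting process, and it says nothing about reporting privately. The removed section asked reporters to use the private security mailing list first, before disclosing in a public forum, and listed what that address is not for. Consider keeping one sentence to that effect next to the link, for example "Report undisclosed vulnerabilities privately; see the linked process." The link target also uses `http://`; if the docs host serves the same page over `https://`, prefer that for a page whose purpose is security contact information.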