Author: jlmonteiro Date: Wed Feb 19 15:20:37 2014 New Revision: 1569783 URL: http://svn.apache.org/r1569783 Log: Adding more security information
Modified: tomee/site/trunk/content/security/index.mdtext Modified: tomee/site/trunk/content/security/index.mdtext URL: http://svn.apache.org/viewvc/tomee/site/trunk/content/security/index.mdtext?rev=1569783&r1=1569782&r2=1569783&view=diff ============================================================================== --- tomee/site/trunk/content/security/index.mdtext (original) +++ tomee/site/trunk/content/security/index.mdtext Wed Feb 19 15:20:37 2014 @@ -68,19 +68,31 @@ we will consider packaging a new securit In order to achieve a smoothly migration patch between a TomEE version and a security update, the TomEE team has decided to adopt the following versionning *major*.*minor*.*patch*[.*security*] -* major ([0-9]+) -* minor ([0-9]+) -* patch ([0-9]+) -* security update (su[0-9]+)? - +* major ([0-9]+): it refers mainly to the Java EE version we implement. 1.x for Java EE 6 for example. +* minor ([0-9]+): contains features, bugfixes and security fixes (internal or third-party) +* patch ([0-9]+): only bugfixes applied +* security update (su[0-9]+)?: security update suffix that makes it possible to easily differentiate security fixes and +to upgrade with a minimal of changes, hence impacts. + +The last security update part is optional, and applies when a sub project has been released and was under an +advisory. The TomEE team will just grab the related tag and update the dependency. The release checks are then +smaller and the community can deliver a fixed version faster. ## Additional information ### Secunia +Secunia is an international IT security company specialising in vulnerability management based in Copenhagen, Denmark. + +There is an [Apache Software Foundation vendor](http://secunia.com/advisories/vendor/8/) declared so you can follow +all vulnarabilities related to Apache products. Of course, a Apache TomEE product +is also available so you can search for know advisories. + + ### Links * [http://apache.org/security/](http://apache.org/security/) * [http://apache.org/security/projects.html](http://apache.org/security/projects.html) * [http://apache.org/security/committers.html](http://apache.org/security/committers.html) +* [Common Vulnerabilities and Exposures database](http://cve.mitre.org/)