Hi Juan Pablo,
I think this really comes down to a policy decision, insofar as in the
history of this project we've come upon similar decisions, but to my
memory I can't think of how we've resolved them.
So yes, we can always recommend implementers/installers read the change
logs and
Hi Muthukumar,
(adding dev@jspwiki.apache.org since the conversation may pick up some
interest there - @dev: Muthukumar is the reporter of the last couple of
disclosed vulnerabilities on JSPWiki)
AFAIK, Apache projects, as a whole, don't follow a given, common security
practices' set, as each