oscerd opened a new pull request, #1695:
URL: https://github.com/apache/camel-website/pull/1695
## Summary
Recent releases have shipped a large batch of CVE advisories. This adds a
box to the **Trust by Default** page that addresses that head-on: it frames the
volume as evidence of an *active* security effort rather than a leaky
framework, and explains the work and timing behind each advisory.
The new box sits directly after **"Security handled in the open"**, so the
two read as a pair — first *how* vulnerabilities are handled, then *what it
costs and why you see so many*.
## What the section says
- **Where reports come from** — researchers across the industry report to
the ASF's private security list, and the project also audits proactively: when
one component is found to mishandle inbound message headers, the whole
connector portfolio is swept for the same pattern rather than patching only the
reported one. That is why advisories arrive in families.
- **Every reporter is credited by name** in the advisory.
- **The work behind each one** — triage against the [Security
Model](/manual/security-model.html), a fix with regression tests, a backport to
*every* supported release line, a CVE assignment, and a written, signed
advisory with the affected version ranges and an applicable workaround.
- **The timing** — nothing is published until the fixes have shipped
(coordinated disclosure).
- **Above and beyond** — advisories are published even when a hardening
change has no known exploit path, "because the alternative is asking you to
trust a silence you cannot check."
## Notes
- **No hardcoded advisory count.** The copy deliberately uses durable
framing ("a lot of", "in families") rather than a number, since any count
drifts with every release. Verified: the new section contains no digits.
- Reuses the existing `security` icon and the established box/shortcode
structure; shortcode open/close balance verified (20/20).
- Single file changed, additive only.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]