This is an automated email from the ASF dual-hosted git repository.

garydgregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-text.git


The following commit(s) were added to refs/heads/master by this push:
     new da37d480 Add threat model place holder.
da37d480 is described below

commit da37d480ec898ac33db48e7a9975fba843532a4f
Author: Gary Gregory <[email protected]>
AuthorDate: Sun Jul 5 08:28:33 2026 -0400

    Add threat model place holder.
---
 SECURITY.md                       |  5 ++++-
 src/site/markdown/threat_model.md | 43 +++++++++++++++++++++++++++++++++++++++
 src/site/site.xml                 |  5 ++++-
 3 files changed, 51 insertions(+), 2 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index 744d4cdd..6c39d6b9 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -14,4 +14,7 @@
  See the License for the specific language governing permissions and
  limitations under the License.
 -->
-The Apache Commons security page is 
[https://commons.apache.org/security.html](https://commons.apache.org/security.html).
+# Apache Commons Parent Security Policy
+Read the [Apache Commons Security 
Page](https://commons.apache.org/security.html).
+
+Read the [Apache Commons XML threat 
model](https://github.com/apache/commons-xml/blob/main/src/site/markdown/threat_model.md).
diff --git a/src/site/markdown/threat_model.md 
b/src/site/markdown/threat_model.md
new file mode 100644
index 00000000..70827e5d
--- /dev/null
+++ b/src/site/markdown/threat_model.md
@@ -0,0 +1,43 @@
+<!---
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements.  See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License.  You may obtain a copy of the License at
+
+      https://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+# Apache Commons Threat Model
+
+## Introduction
+
+This page amends [Apache Commons Security 
page](https://commons.apache.org/security.html).
+
+For information about reporting or asking questions about security, please see 
the [Apache Commons Security page](https://commons.apache.org/security.html).
+
+This page lists all security vulnerabilities fixed in released versions of 
this component.
+
+Please note that binary patches are never provided. If you need to apply a 
source code patch, use the building instructions for the component version that 
you are using.
+
+If you need help on building this component or other help on following the 
instructions to mitigate the known vulnerabilities listed here, please send 
your questions to the
+public [user mailing list](mail-lists.html).
+
+If you have encountered an unlisted security vulnerability or other unexpected 
behavior that has security impact, or if the descriptions here are incomplete, 
please report them privately to the Apache Security Team. Thank you.
+
+## Threat Model
+
+TODO
+
+## Security Vulnerabilities
+
+None.
+
+## Safe Deserialization
+For information about safe deserialization, please see [Safe 
Deserialization](https://commons.apache.org/io/description.html#Safe_Deserialization).
diff --git a/src/site/site.xml b/src/site/site.xml
index 8bd58f0e..e642f5ba 100644
--- a/src/site/site.xml
+++ b/src/site/site.xml
@@ -31,7 +31,10 @@
       <item name="Issue Tracking" href="/issue-management.html" />
       <item name="Dependency Management" href="/dependency-info.html" />
       <item name="Sources" href="/scm.html" />
-      <item name="Security" href="security.html" />
+      <item name="Security">
+       <item name="Security" href="security.html" />
+        <item name="Threat Model" href="threat_model.html" />
+      </item>
       <item name="License" href="https://www.apache.org/licenses/LICENSE-2.0"; 
/>
       <item name="Code of Conduct" 
href="https://www.apache.org/foundation/policies/conduct.html"; />
       <item name="Download" 
href="https://commons.apache.org/proper/commons-text/download_text.cgi"; />

Reply via email to