This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git


The following commit(s) were added to refs/heads/master by this push:
     new 5e18318  Update the security page, better formatting
5e18318 is described below

commit 5e18318f1e3551c8cc44de958c7ec60b1639f137
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Thu Feb 10 17:40:03 2022 +0100

    Update the security page, better formatting
---
 security.html                  | 12 +++++-------
 template/page/security.tpl.php | 12 +++++-------
 2 files changed, 10 insertions(+), 14 deletions(-)

diff --git a/security.html b/security.html
index da9e756..89717e4 100644
--- a/security.html
+++ b/security.html
@@ -136,14 +136,12 @@
             <p>Note that we no longer create CVEs for post-auth attacks done 
using demo credentials, notably using the admin user. 
             <strong> <a href="https://s.apache.org/dsj2p";> Rather create bugs 
reports in our issue tracker (Jira) for that.</a></strong></p>
             
-            <p>One of the reasosn we no longer create CVEs for post-auth 
attacks done using demo credentials is because 
-            <a 
href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/#security";> we 
highly suggest to OFBiz users to not use credentials demo in production</a>
-             and we expect OFBiz users to do so.</br>
-            <a 
href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure#KeepingOFBizsecure-Tomcat9&AJP";>
 We also warn our users on this wiki page.</br>             
+            <p>One of the reason we no longer create CVEs for post-auth 
attacks done using demo credentials is because 
+            <a 
href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/#security"; 
target="external"> we highly suggest to OFBiz users to not use credentials demo 
in production</a>
+             and we expect OFBiz users to do so.
+            <a 
href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure"; 
target="external"> We also warn our users on the "Keeping OFBiz secure wiki 
page".</a>             
             And finally, mostly we reject post-auth vulnerabilities because we 
have a solid CSRF defense.</p>
-            
-            <p>You might be interested by our <a 
href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure"; 
target="external">Keeping OFBiz secure wiki page.</a></p>
-            
+                        
             <h3>List of Known Vulnerabilities</h3>
             <ul class="iconsList">
                 <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832" 
target="external">CVE-2021-44832</a>; affected all releases before 17.12.09 and 
18.12.05; fixed in 17.12.09 and 18.12.05 with commits <a 
href="https://github.com/apache/ofbiz-framework/commit/00896e7"; 
target="external">00896e7</a>, <a 
href="https://github.com/apache/ofbiz-plugins/commit/c69bc8f"; 
target="external">c69bc8f</a>, <a 
href="https://github.com/apache/ofbiz-framework/co [...]
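
Review bot: the first added line still reads "One of the reason", which fixes the "reasosn" typo but drops the plural; it should be "One of the reasons". In the new wiki link text the closing quote comes after "wiki page" instead of after the page title, so it should read: the "Keeping OFBiz secure" wiki page. The line added just before the List of Known Vulnerabilities heading contains only whitespace; an empty line would avoid committing trailing spaces.
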
diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php
index 863c9e9..15a855c 100644
--- a/template/page/security.tpl.php
+++ b/template/page/security.tpl.php
@@ -25,14 +25,12 @@
             <p>Note that we no longer create CVEs for post-auth attacks done 
using demo credentials, notably using the admin user. 
             <strong> <a href="https://s.apache.org/dsj2p";> Rather create bugs 
reports in our issue tracker (Jira) for that.</a></strong></p>
             
-            <p>One of the reasosn we no longer create CVEs for post-auth 
attacks done using demo credentials is because 
-            <a 
href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/#security";> we 
highly suggest to OFBiz users to not use credentials demo in production</a>
-             and we expect OFBiz users to do so.</br>
-            <a 
href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure#KeepingOFBizsecure-Tomcat9&AJP";>
 We also warn our users on this wiki page.</br>             
+            <p>One of the reason we no longer create CVEs for post-auth 
attacks done using demo credentials is because 
+            <a 
href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/#security"; 
target="external"> we highly suggest to OFBiz users to not use credentials demo 
in production</a>
+             and we expect OFBiz users to do so.
+            <a 
href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure"; 
target="external"> We also warn our users on the "Keeping OFBiz secure wiki 
page".</a>             
             And finally, mostly we reject post-auth vulnerabilities because we 
have a solid CSRF defense.</p>
-            
-            <p>You might be interested by our <a 
href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure"; 
target="external">Keeping OFBiz secure wiki page.</a></p>
-            
+                        
             <h3>List of Known Vulnerabilities</h3>
             <ul class="iconsList">
                 <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832" 
target="external">CVE-2021-44832</a>; affected all releases before 17.12.09 and 
18.12.05; fixed in 17.12.09 and 18.12.05 with commits <a 
href="https://github.com/apache/ofbiz-framework/commit/00896e7"; 
target="external">00896e7</a>, <a 
href="https://github.com/apache/ofbiz-plugins/commit/c69bc8f"; 
target="external">c69bc8f</a>, <a 
href="https://github.com/apache/ofbiz-framework/co [...]
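
Review bot: the added sentence "and we expect OFBiz users to do so" follows "to not use credentials demo in production", so "do so" can be read as expecting users to run demo credentials in production. For a statement that justifies rejecting post-auth reports, wording such as "and we expect OFBiz users to follow that advice" removes the ambiguity. The two rewritten links gain target="external" with no rel attribute; a named target leaves window.opener available to the opened page, so adding rel="noopener" is a cheap hardening even though both destinations are apache.org pages. This hunk matches the security.html one line for line, so any wording fix has to be applied in both files to keep them in sync.
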
