This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git
commit 73b9e9ec17bcba48fa3e6f8f1efd3d9b5dd56c95
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Sat Feb 19 19:26:09 2022 +0100

    Adds a mention about sending vulnerabilities reports one by one and not packed
---
 download.html                  | 4 +++-
 security.html                  | 3 ++-
 template/page/download.tpl.php | 4 +++-
 template/page/security.tpl.php | 3 ++-
 4 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/download.html b/download.html index 2e3c5c7..3223c7a 100644 --- a/download.html +++ b/download.html @@ -277,7 +277,9 @@ available <a href="security.html">here</a></p> <a href="https://downloads.apache.org/ofbiz/KEYS" target="external">[KEYS]</a> <a href="release-notes-18.12.05.html">[Release Notes]</a> - <p><strong>We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either secur...@ofbiz.apache.org or secur...@apache.org), before disclosing them in a public forum.</strong></p> + <p><strong>We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either secur...@ofbiz.apache.org or secur...@apache.org), + before disclosing them in a public forum. Please don't pack several vulnerabilities in the same report, send them one by one, thanks in advance.</strong></p> + <p>Note that we no longer create CVEs for post-auth attacks done using demo credentials, notably using the admin user. <strong> <a href="https://s.apache.org/dsj2p"> Rather create bugs reports in our issue tracker (Jira) for that.</a></strong></p> diff --git a/security.html b/security.html index 89717e4..5e3e608 100644 --- a/security.html +++ b/security.html 
@@ -131,7 +131,8 @@ <div class="divider"><span></span></div> <p>Please see the <a href="https://www.apache.org/security" target="external">ASF Security Team webpage</a> for further information about reporting a security vulnerability as well as their contact information. </p> - <p><strong>We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either secur...@ofbiz.apache.org or secur...@apache.org), before disclosing them in a public forum.</strong></p> + <p><strong>We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either secur...@ofbiz.apache.org or secur...@apache.org), + before disclosing them in a public forum. Please don't pack several vulnerabilities in the same report, send them one by one, thanks in advance.</strong></p> <p>Note that we no longer create CVEs for post-auth attacks done using demo credentials, notably using the admin user. <strong> <a href="https://s.apache.org/dsj2p"> Rather create bugs reports in our issue tracker (Jira) for that.</a></strong></p> diff --git a/template/page/download.tpl.php b/template/page/download.tpl.php index 281c20b..5affad8 100644 --- a/template/page/download.tpl.php +++ b/template/page/download.tpl.php 
@@ -166,7 +166,9 @@ available <a href="security.html">here</a></p> <a href="https://downloads.apache.org/ofbiz/KEYS" target="external">[KEYS]</a> <a href="release-notes-18.12.05.html">[Release Notes]</a> - <p><strong>We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either secur...@ofbiz.apache.org or secur...@apache.org), before disclosing them in a public forum.</strong></p> + <p><strong>We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either secur...@ofbiz.apache.org or secur...@apache.org), + before disclosing them in a public forum. Please don't pack several vulnerabilities in the same report, send them one by one, thanks in advance.</strong></p> + <p>Note that we no longer create CVEs for post-auth attacks done using demo credentials, notably using the admin user. <strong> <a href="https://s.apache.org/dsj2p"> Rather create bugs reports in our issue tracker (Jira) for that.</a></strong></p> diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php index 15a855c..33d20ce 100644 --- a/template/page/security.tpl.php +++ b/template/page/security.tpl.php 
@@ -20,7 +20,8 @@ <div class="divider"><span></span></div> <p>Please see the <a href="https://www.apache.org/security" target="external">ASF Security Team webpage</a> for further information about reporting a security vulnerability as well as their contact information. </p> - <p><strong>We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either secur...@ofbiz.apache.org or secur...@apache.org), before disclosing them in a public forum.</strong></p> + <p><strong>We strongly encourage OfBiz users to report security problems affecting OFBiz to the private security mailing lists (either secur...@ofbiz.apache.org or secur...@apache.org), + before disclosing them in a public forum. Please don't pack several vulnerabilities in the same report, send them one by one, thanks in advance.</strong></p> <p>Note that we no longer create CVEs for post-auth attacks done using demo credentials, notably using the admin user. <strong> <a href="https://s.apache.org/dsj2p"> Rather create bugs reports in our issue tracker (Jira) for that.</a></strong></p>
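Review bot: In the download.html hunk (and word for word in the other three), the added sentence "Please don't pack several vulnerabilities in the same report, send them one by one, thanks in advance." is a comma splice of three clauses, all set in bold with the rest of the paragraph. A single sentence such as "Please send each vulnerability in its own report rather than combining several in one." states the request more directly for a reporter reading the security notice.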
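Review bot: In the security.html hunk, the rewritten line still reads "OfBiz users" a few words before "affecting OFBiz". Since the line is being replaced anyway, use the single spelling "OFBiz" in both places, here and in the three matching hunks.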
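Review bot: The template/page/download.tpl.php hunk ("@@ -166,7 +166,9 @@") and the download.html hunk ("@@ -277,7 +277,9 @@") each grow by two lines, while the two security hunks grow by one for the same sentence, so the download copies carry one extra added line after the closing "</strong></p>". If that is an unintended blank line, drop it so the four copies of the paragraph stay identical.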
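Review bot: The template/page/security.tpl.php hunk is the fourth hand-edited copy of the same reporting paragraph in this commit (two .html files and two .tpl.php templates). Keeping the text in one shared fragment that both templates include, and regenerating the .html files from them, would prevent the security-reporting instructions from drifting apart the next time the wording changes.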