This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git


The following commit(s) were added to refs/heads/master by this push:
     new 30ef62f  Improved: clarify auth abbrev
30ef62f is described below

commit 30ef62f815e172429fca3cc3d4afc455d2a4ad1f
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Mon Aug 26 16:54:50 2024 +0200

    Improved: clarify auth abbrev
    
    After reading
    https://cwe.mitre.org/data/definitions/863.html#ocimg_863_Alternate_Terms
    I decided to rather use authN than only auth as it's explained in this page
---
 security.html                  | 8 ++++----
 template/page/security.tpl.php | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/security.html b/security.html
index 6554429..0e5d546 100644
--- a/security.html
+++ b/security.html
@@ -122,14 +122,14 @@
             <p><strong>We strongly encourage OfBiz users to report security 
problems affecting OFBiz to the private security mailing lists (either 
secur...@ofbiz.apache.org or secur...@apache.org),
              before disclosing them in a public forum. Please don't pack 
several vulnerabilities in the same report, send them one by one, thanks in 
advance.</strong></p>
 
-            <p>Note that we no longer create CVEs for post-auth attacks done 
using demo credentials, notably using the admin user.
-            <strong> <a href="https://s.apache.org/dsj2p";> Rather create bugs 
reports in our issue tracker (Jira) for that.</a><span style="color:red"> 
Please don't create Jira issues for unauth (aka pre-auth) reports, thanks in 
advance.</span></strong></p>
+            <p>Note that we no longer create CVEs for post-authN attacks done 
using demo credentials, notably using the admin user.
+            <strong> <a href="https://s.apache.org/dsj2p";> Rather create bugs 
reports in our issue tracker (Jira) for that.</a><span style="color:red"> 
Please don't create Jira issues for unauth (aka pre-authN) reports, thanks in 
advance.</span></strong></p>
 
-            <p>One of the reason we no longer create CVEs for post-auth 
attacks done using demo credentials is because
+            <p>One of the reason we no longer create CVEs for post-authN 
attacks done using demo credentials is because
             <a 
href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/README.html#security";
 target="external"> we highly suggest to OFBiz users to not use credentials 
demo in production</a>
              and we expect OFBiz users to do so.
             <a 
href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure"; 
target="external"> We also warn our users on the "Keeping OFBiz secure wiki 
page".</a>
-            And finally, mostly we reject post-auth vulnerabilities because we 
have a solid CSRF defense.</p>
+            And finally, mostly we reject post-authN vulnerabilities because 
we have a solid CSRF defense.</p>
 
             <h3>List of Known Vulnerabilities</h3>
             <ul class="iconsList">
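Review bot: "authN" is introduced in the "post-authN attacks" paragraph with no expansion, and the red span still uses the bare abbreviation "unauth" next to "pre-authN", so a reader who has not seen the CWE-863 alternate-terms page named in the commit message gets no definition on security.html itself. Spell the term out once on first use, for example "post-authentication (authN)", and write "unauthenticated (aka pre-authN)" in the Jira sentence so both abbreviations are anchored to a full word.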
diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php
index 19f358b..02e3fd2 100644
--- a/template/page/security.tpl.php
+++ b/template/page/security.tpl.php
@@ -23,14 +23,14 @@
             <p><strong>We strongly encourage OfBiz users to report security 
problems affecting OFBiz to the private security mailing lists (either 
secur...@ofbiz.apache.org or secur...@apache.org),
              before disclosing them in a public forum. Please don't pack 
several vulnerabilities in the same report, send them one by one, thanks in 
advance.</strong></p>
 
-            <p>Note that we no longer create CVEs for post-auth attacks done 
using demo credentials, notably using the admin user.
-            <strong> <a href="https://s.apache.org/dsj2p";> Rather create bugs 
reports in our issue tracker (Jira) for that.</a><span style="color:red"> 
Please don't create Jira issues for unauth (aka pre-auth) reports, thanks in 
advance.</span></strong></p>
+            <p>Note that we no longer create CVEs for post-authN attacks done 
using demo credentials, notably using the admin user.
+            <strong> <a href="https://s.apache.org/dsj2p";> Rather create bugs 
reports in our issue tracker (Jira) for that.</a><span style="color:red"> 
Please don't create Jira issues for unauth (aka pre-authN) reports, thanks in 
advance.</span></strong></p>
 
-            <p>One of the reason we no longer create CVEs for post-auth 
attacks done using demo credentials is because
+            <p>One of the reason we no longer create CVEs for post-authN 
attacks done using demo credentials is because
             <a 
href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/README.html#security";
 target="external"> we highly suggest to OFBiz users to not use credentials 
demo in production</a>
              and we expect OFBiz users to do so.
             <a 
href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure"; 
target="external"> We also warn our users on the "Keeping OFBiz secure wiki 
page".</a>
-            And finally, mostly we reject post-auth vulnerabilities because we 
have a solid CSRF defense.</p>
+            And finally, mostly we reject post-authN vulnerabilities because 
we have a solid CSRF defense.</p>
 
             <h3>List of Known Vulnerabilities</h3>
             <ul class="iconsList">
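Review bot: The four changed paragraphs here are word-for-word the same as the ones changed in security.html, so the two files are being kept in sync by hand. If security.html is generated from this template, regenerate it rather than editing both, so the wording cannot drift. Since the line is being touched anyway, "One of the reason we no longer create CVEs" should read "One of the reasons", and "bugs reports" in the Jira link text should read "bug reports".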
