This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git
The following commit(s) were added to refs/heads/master by this push: new 92bd6a7 Improved: clarifies to not create zero day issues in Jira 92bd6a7 is described below commit 92bd6a76bf67792f52933b21344905f17c08bcd0 Author: Jacques Le Roux <jacques.le.r...@les7arts.com> AuthorDate: Sat Mar 8 13:37:51 2025 +0100 Improved: clarifies to not create zero day issues in Jira --- security.html | 2 +- template/page/security.tpl.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/security.html b/security.html index ecea5e1..ec97937 100644 --- a/security.html +++ b/security.html @@ -123,7 +123,7 @@ before disclosing them in a public forum. Please don't pack several vulnerabilities in the same report, send them one by one, thanks in advance.</strong></p> <p>Note that we no longer create CVEs for post-authN attacks done using demo credentials, notably using the admin user. - <strong> <a href="https://s.apache.org/dsj2p"> Rather create bugs reports in our issue tracker (Jira) for that.</a><span style="color:red"> Please don't create Jira issues for unauth (aka pre-authN) reports, thanks in advance.</span></strong></p> + <strong> <a href="https://s.apache.org/dsj2p"> Rather create bugs reports in our issue tracker (Jira) for that.</a><span style="color:red"> Please don't create zero day Jira issues for unauth (aka pre-authN) reports, thanks in advance.</span></strong></p> <p>One of the reason we no longer create CVEs for post-authN attacks done using demo credentials is because <a href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/README.html#security" target="external"> we highly suggest to OFBiz users to not use credentials demo in production</a> diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php index 9cadb98..f7fe117 100644 --- a/template/page/security.tpl.php +++ b/template/page/security.tpl.php 
@@ -24,7 +24,7 @@ before disclosing them in a public forum. Please don't pack several vulnerabilities in the same report, send them one by one, thanks in advance.</strong></p> <p>Note that we no longer create CVEs for post-authN attacks done using demo credentials, notably using the admin user. - <strong> <a href="https://s.apache.org/dsj2p"> Rather create bugs reports in our issue tracker (Jira) for that.</a><span style="color:red"> Please don't create Jira issues for unauth (aka pre-authN) reports, thanks in advance.</span></strong></p> + <strong> <a href="https://s.apache.org/dsj2p"> Rather create bugs reports in our issue tracker (Jira) for that.</a><span style="color:red"> Please don't create zero day Jira issues for unauth (aka pre-authN) reports, thanks in advance.</span></strong></p> <p>One of the reason we no longer create CVEs for post-authN attacks done using demo credentials is because <a href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/README.html#security" target="external"> we highly suggest to OFBiz users to not use credentials demo in production</a>
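Review bot: In the security.html hunk, the added red-span sentence "Please don't create zero day Jira issues for unauth (aka pre-authN) reports" is ambiguous. It can be read as permitting a Jira issue for an unauth report whenever the reporter does not regard it as a zero day, and it does not say where such a report should go instead. Suggest stating the rule directly, for example "Please don't report unauth (aka pre-authN) vulnerabilities in Jira, that would disclose a zero day", and pointing to the private reporting route that the preceding paragraph ("before disclosing them in a public forum") refers to.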
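Review bot: In the template/page/security.tpl.php hunk, the changed line is a hand-made copy of the one in security.html, so any rewording adopted in review has to land in both files or the page and its template will drift apart. Since the line is being touched anyway, the link text "Rather create bugs reports in our issue tracker (Jira) for that." should read "bug reports" in both places.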