This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git
The following commit(s) were added to refs/heads/master by this push:
new e3a420b Improved: small changes in security page
e3a420b is described below
commit e3a420bc23a313757259848c1162e939a64e9cd4
Author: Jacques Le Roux <[email protected]>
AuthorDate: Mon Sep 1 09:16:05 2025 +0200
Improved: small changes in security page
---
security.html | 9 ++++-----
template/page/security.tpl.php | 9 ++++-----
2 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/security.html b/security.html
index 6df2036..0f73fae 100644
--- a/security.html
+++ b/security.html
@@ -118,17 +118,16 @@
<h2><a id="security"></a>Security Vulnerabilities</h2>
<div class="divider"><span></span></div>
- <p><strong>We strongly encourage OfBiz users to report security
problems affecting OFBiz to the private security mailing lists (either
[email protected] or [email protected]),
+ <p><strong>We strongly encourage OfBiz users to report security
problems affecting OFBiz to the private security mailing lists (either
preferably [email protected] or else [email protected]),
before disclosing them in a public forum. Please don't pack
several vulnerabilities in the same report, send them one by one, thanks in
advance.</strong></p>
- <p>Note that we no longer create CVEs for post-authN attacks.
+ <p>Note that we don't create CVEs for post-authN attacks.
<strong> <a href="https://s.apache.org/dsj2p"> Rather create bugs
reports in our issue tracker (Jira) for that.</a><span style="color:red">
Please don't create zero day Jira issues for unauth (aka pre-authN) reports,
thanks in advance.</span></strong></p>
- <p>One of the reason we no longer create CVEs for post-authN
attacks is because
+ <p>One of the reason we don't create CVEs for post-authN attacks
is because
<a
href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/README.html#security"
target="external"> we highly suggest to OFBiz users to not use credentials
demo in production</a>
and we expect OFBiz users to do so.
- <a
href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure"
target="external"> We also warn our users on the "Keeping OFBiz secure wiki
page".</a>
- And we finally reject pre-authN vulnerabilities because we have a
solid CSRF defense.
+ <a
href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure"
target="external"> We also warn our users ("Beware in production") on the
"Keeping OFBiz secure wiki page".</a>
</p>
<p>
To clarify the vocabulary used above here are 2 links:
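Review bot: the new line `+ <p><strong>We strongly encourage OfBiz users to report security` keeps the "OfBiz" spelling while the same sentence writes "OFBiz"; suggest "OFBiz users" for consistency. In the same paragraph, "(either preferably [email protected] or else [email protected])" is hard to read; "(preferably [email protected], or else [email protected])" says the same thing. The new line `+ <p>One of the reason we don't create CVEs for post-authN attacks` carries over the grammatical slip from the removed line; it should read "One of the reasons". Dropping the sentence "And we finally reject pre-authN vulnerabilities because we have a solid CSRF defense." removes the only stated rationale for the red "Please don't create zero day Jira issues for unauth (aka pre-authN) reports" warning in the paragraph above; if that reasoning is intentionally withdrawn, the warning could instead point readers back to the private lists named in the first paragraph so they know where pre-authN reports belong.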
diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php
index 31b56d2..b069f8d 100644
--- a/template/page/security.tpl.php
+++ b/template/page/security.tpl.php
@@ -19,17 +19,16 @@
<h2><a id="security"></a>Security Vulnerabilities</h2>
<div class="divider"><span></span></div>
- <p><strong>We strongly encourage OfBiz users to report security
problems affecting OFBiz to the private security mailing lists (either
[email protected] or [email protected]),
+ <p><strong>We strongly encourage OfBiz users to report security
problems affecting OFBiz to the private security mailing lists (either
preferably [email protected] or else [email protected]),
before disclosing them in a public forum. Please don't pack
several vulnerabilities in the same report, send them one by one, thanks in
advance.</strong></p>
- <p>Note that we no longer create CVEs for post-authN attacks.
+ <p>Note that we don't create CVEs for post-authN attacks.
<strong> <a href="https://s.apache.org/dsj2p"> Rather create bugs
reports in our issue tracker (Jira) for that.</a><span style="color:red">
Please don't create zero day Jira issues for unauth (aka pre-authN) reports,
thanks in advance.</span></strong></p>
- <p>One of the reason we no longer create CVEs for post-authN
attacks is because
+ <p>One of the reason we don't create CVEs for post-authN attacks
is because
<a
href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/README.html#security"
target="external"> we highly suggest to OFBiz users to not use credentials
demo in production</a>
and we expect OFBiz users to do so.
- <a
href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure"
target="external"> We also warn our users on the "Keeping OFBiz secure wiki
page".</a>
- And we finally reject pre-authN vulnerabilities because we have a
solid CSRF defense.
+ <a
href="https://cwiki.apache.org/confluence/display/OFBIZ/Keeping+OFBiz+secure"
target="external"> We also warn our users ("Beware in production") on the
"Keeping OFBiz secure wiki page".</a>
</p>
<p>
To clarify the vocabulary used above here are 2 links:
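Review bot: this hunk is the template source for the `security.html` hunk above and carries exactly the same text, so the wording points raised there ("OfBiz" vs "OFBiz", "either preferably ... or else", "One of the reason", and the dropped CSRF-defense sentence) need to be fixed here first and then regenerated into `security.html`, otherwise the next site build will reintroduce the old text. The added anchor `+ <a ... target="external">` follows the existing convention in the surrounding context lines, so it is consistent, but note that "external" is a named browsing context rather than `_blank`; if the intent is a new tab for every external link, `target="_blank"` is what browsers treat that way.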