Author: husted
Date: Sun Aug 26 18:06:29 2007
New Revision: 569942

URL: http://svn.apache.org/viewvc?rev=569942&view=rev
Log:
Add security page and ApacheCon plugs. 

Added:
    struts/site/src/site/xdoc/security.xml
Modified:
    struts/site/src/site/fml/kickstart.fml
    struts/site/src/site/site.xml
    struts/site/src/site/xdoc/index.xml

Modified: struts/site/src/site/fml/kickstart.fml
URL: http://svn.apache.org/viewvc/struts/site/src/site/fml/kickstart.fml?rev=569942&r1=569941&r2=569942&view=diff
==============================================================================
--- struts/site/src/site/fml/kickstart.fml (original)
+++ struts/site/src/site/fml/kickstart.fml Sun Aug 26 18:06:29 2007
@@ -289,7 +289,7 @@
                   If you believe you've found a security vulnerability in 
Apache Struts, please contact our 
                   security address - any emails not relating to security 
vulnerabilities will be ignored without
                   a reply (all security related information will be kept 
confidential unless otherwise indicated): 
-                  [security (at) apache (dot) org].
+                  [security (at) struts (dot) apache (dot) org].
                 </p>
             </answer>
         </faq>
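
Review bot: the reporting address on the `+` line is now spelled out in two places with different obfuscation, here as "[security (at) struts (dot) apache (dot) org]" and in the added security.xml as "security at struts (dot) apache (dot) org". Consider having this FAQ answer link to security.html and keeping the address on that page only, so a later change to the reporting address cannot leave the two pages disagreeing.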

Modified: struts/site/src/site/site.xml
URL: http://svn.apache.org/viewvc/struts/site/src/site/site.xml?rev=569942&r1=569941&r2=569942&view=diff
==============================================================================
--- struts/site/src/site/site.xml (original)
+++ struts/site/src/site/site.xml Sun Aug 26 18:06:29 2007
@@ -77,6 +77,10 @@
                     name="Issue Tracker (JIRA)"
                     href="http://issues.apache.org/struts/";
                     />
+            <item
+                    name="Reporting Security Issues"
+                    href="security.html"
+                    />
         </menu>
 
         <menu name="Development">
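
Review bot: the menu label "Reporting Security Issues" does not match the `<title>Security Issues</title>` of the page it points to in this commit; pick one wording so the navigation entry and the page title agree. The position directly after the JIRA item fits, since security.xml sends non-security reports back to the tracker.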

Modified: struts/site/src/site/xdoc/index.xml
URL: http://svn.apache.org/viewvc/struts/site/src/site/xdoc/index.xml?rev=569942&r1=569941&r2=569942&view=diff
==============================================================================
--- struts/site/src/site/xdoc/index.xml (original)
+++ struts/site/src/site/xdoc/index.xml Sun Aug 26 18:06:29 2007
@@ -32,14 +32,43 @@
             </p>
          </section>
 
+         <section name="ApacheCon US 2007 - Atlanta GA">
+         <a href="http://apachecon.com/";><img 
src="http://www.apache.org/ads/ApacheCon/2007-usa-125x125.png"; alt="ApacheCon 
US 2007" hspace="16" align="right"/></a>
+            <p>
+              Three Struts presentations are scheduled for
+              <a href="http://www.us.apachecon.com/";>ApacheCon US 2007</a>,
+              which is being held in Atlanta GA, November 12-16.
+            </p>
+
+            <ul>
+              <li><a 
href="http://us.apachecon.com/us2007/program/talk/1883";>Migrating to Ajax</a> 
(Ted Husted), 12 Nov @10a (five-hour training course)</li>
+              <li><a 
href="http://us.apachecon.com/us2007/program/talk/1880";>Using Groovy with 
Struts 2</a> (Mark Menard), 13 Nov @10a (five-hour training course)</li>
+              <li><a 
href="http://us.apachecon.com/us2007/program/talk/2058";>Go Light with Apache 
Struts 2 and REST</a> (Don Brown), 15 Nov @5:30p (one-hour presentation)</li>
+            </ul>
+
+            <p>
+              Also of interest (among many others!):
+            </p>
+
+            <ul>
+              <li><a 
href="http://us.apachecon.com/us2007/program/talk/2023";>Apache Roller and Blogs 
as a Web Development Platform</a> (Dave Johnson), 14 Nov @10:30a (one hour 
presentation)</li>
+              <li><a 
href="http://us.apachecon.com/us2007/program/talk/1903";>Apache Harmony - 
Building Java SE in Open source</a> (Geir Magnusson Jr.), 14 Nov @4:30p (one 
hour presentation)</li>
+              <li><a 
href="http://us.apachecon.com/us2007/program/talk/1994";>Comparing Java Web 
Frameworks</a> (Matt Raible), 15 Nov @9a (one hour presentation)</li>
+            </ul>
+
+            <p>
+              Hope to see you there!
+            </p>
+
+         </section>
+
         <a name="Threads"/>
         <section name="Recent Threads">
-        <a href="http://apachecon.com/";><img 
src="http://www.apache.org/ads/ApacheCon/2007-usa-125x125.png"; alt="ApacheCon 
US 2007" hspace="16" align="right"/></a>
           <p>
               What do people who use Apache Struts have to say about using it?
               Browse the
-                <a href="http://www.nabble.com/Struts---User-f206.html";>
-                  user mailing list,</a>
+                <strong><a 
href="http://www.nabble.com/Struts---User-f206.html";>
+                  user mailing list,</a></strong>
               and see for yourself.
           </p>
           <ul>
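
Review bot: the durations in the second list read "one hour presentation" while the first list uses "one-hour presentation" and "five-hour training course"; hyphenate them consistently. The added section is tied to November 12-16 and will need to be removed afterwards, and because it is unrelated to the security page it would be easier to revert as its own commit. The new `<strong>` around the user mailing list link also takes in the trailing comma of the link text.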

Added: struts/site/src/site/xdoc/security.xml
URL: http://svn.apache.org/viewvc/struts/site/src/site/xdoc/security.xml?rev=569942&view=auto
==============================================================================
--- struts/site/src/site/xdoc/security.xml (added)
+++ struts/site/src/site/xdoc/security.xml Sun Aug 26 18:06:29 2007
@@ -0,0 +1,72 @@
+<?xml version="1.0"?>
+<!--
+Copyright 1999-2005 The Apache Software Foundation
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!--
+// ======================================================================== 78
+-->
+<document>
+
+    <properties>
+        <title>Security Issues</title>
+    </properties>
+
+    <body>
+
+        <section name="Reporting New Security Issues with Apache Struts">
+
+            <p>
+              The Apache Struts project takes a very active stance in
+              eliminating security problems and denial of service attacks
+              against applications using the Apache Struts framework.
+            </p>
+
+            <p>
+              We strongly encourage folks to report such problems to our
+              private security mailing list first, before disclosing them
+              in a public forum.
+            </p>
+
+            <p>
+              <strong>We cannot accept regular bug reports or other queries at
+              this address, we ask that you use our
+              <a href="http://issues.apache.org/struts/";>issue tracker 
(JIRA)</a>
+              for those. <font color="red">All mail sent to this
+              address that does not relate to security problems in the Apache
+              Struts source code will be ignored.</font></strong>
+            </p>
+
+            <p>
+              Note that all networked servers are subject to denial of service
+              attacks, and we cannot promise magic workarounds to generic 
problems
+              (such as a client streaming lots of data to your server, or 
re-requesting
+              the same URL repeatedly). In general our philosophy is to avoid 
any
+              attacks which can cause the server to consume resources in a 
non-linear
+              relationship to the size of inputs.
+            </p>
+
+            <p>
+              The mailing address is:
+              <code>security at struts (dot) apache (dot) org</code>
+            </p>
+
+            <p>
+              <a 
href="http://httpd.apache.org/docs/trunk/misc/security_tips.html";>
+              General network server security tips</a>
+            </p>
+
+        </section>
+
+    </body>
+</document>
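
Review bot: the third paragraph says "We cannot accept regular bug reports or other queries at this address" before any address has been given; the address only appears two paragraphs later under "The mailing address is:". Move that paragraph up so it directly follows the request to report to the private list, and write the address the same way as the kickstart FAQ does ("security (at) struts ..." rather than "security at struts ..."). Smaller points: the licence header says "Copyright 1999-2005" on a file added in 2007, "at this address, we ask that you use" is a comma splice, and the `<font color="red">` emphasis would be better left to the site stylesheet.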

