submitting-patches.md

lukaszlenart Sat, 07 Jun 2014 02:41:25 -0700

Author: lukaszlenart
Date: Sat Jun  7 09:40:12 2014
New Revision: 1601081

URL: http://svn.apache.org/r1601081
Log:
Adds info and note about Google's patch reward program

Modified:
    struts/site/trunk/content/index.html
    struts/site/trunk/content/submitting-patches.html
    struts/site/trunk/source/index.html
    struts/site/trunk/source/submitting-patches.md

Modified: struts/site/trunk/content/index.html
URL: 
http://svn.apache.org/viewvc/struts/site/trunk/content/index.html?rev=1601081&r1=1601080&r2=1601081&view=diff
==============================================================================
--- struts/site/trunk/content/index.html (original)
+++ struts/site/trunk/content/index.html Sat Jun  7 09:40:12 2014
@@ -129,9 +129,10 @@
       <a 
href="http://struts.apache.org/release/2.3.x/docs/version-notes-23163.html";>Version
 notes</a>
     </div>
     <div class="col-md-4">
-      <h2>Struts up to 2.3.16.1: Zero-Day Exploit Mitigation!</h2>
-      <p>In Struts 2.3.16.1, an issue with ClassLoader manipulation via 
request parameters was supposed to be resolved. Unfortunately,
-        the correction wasn't sufficient, <a 
href="announce.html#a20140424">read more</a>
+      <h2>Google's Patch Rewards program</h2>
+      <p>During <a href="http://www.meetup.com/sfhtml5/";>SFHTML5</a> Google 
announced that they extend their program
+        to cover the Apache Struts project as well. Now you can earn some many 
preparing patches for us!
+        <a href="submitting-patches.html#patch-reward">read more</a>
       </p>
     </div>
     <div class="col-md-4">

Modified: struts/site/trunk/content/submitting-patches.html
URL: 
http://svn.apache.org/viewvc/struts/site/trunk/content/submitting-patches.html?rev=1601081&r1=1601080&r2=1601081&view=diff
==============================================================================
--- struts/site/trunk/content/submitting-patches.html (original)
+++ struts/site/trunk/content/submitting-patches.html Sat Jun  7 09:40:12 2014
@@ -182,6 +182,34 @@ your fork and branch to compare the diff
 <li><a href="http://wiki.apache.org/general/GitAtApache";>Git at Apache</a></li>
 </ul>
 
+<h1><span id="patch-reward">Google&#39;s Patch Reward program</h1>
+
+<p>During <a href="http://www.meetup.com/sfhtml5/";>SFHTML5</a> Google 
announced that they adding the Apache Struts project to
+<a href="https://www.google.com/about/appsecurity/patch-rewards/";>the 
Google&#39;s Security Patch Reward Program</a>.</p>
+
+<p>What does it mean?</p>
+
+<p>If you prepared a patch that eliminates a security vulnerability or 
improves existing security mechanism
+you can get a bounty :-) You will find more details on
+<a 
href="http://googleonlinesecurity.blogspot.com/2013/10/going-beyond-vulnerability-rewards.html";>the
 Google&#39;s blog</a>
+ or under the link above, just to give you a quick guideline how does it 
work:</p>
+
+<ul>
+<li>prepare a patch and submit it to our <a 
href="https://issues.apache.org/jira/browse/WW";>JIRA</a>,
+it can be a Pull Request on GitHub as well, but must reference the JIRA 
ticket.</li>
+<li>let us know that you did something great, post a message to <a 
href="dev-mail.html">Struts Dev mailing list</a></li>
+<li>we will review the patch and if it&#39;s a real great thing then we will 
merge it into our code base</li>
+<li>just wait on official release of the Apache Struts and now you can request 
the reward from Google :-)</li>
+</ul>
+
+<p><strong>NOTE</strong></p>
+
+<p>If you are concerned that your patch can disclose a security vulnerability, 
instead of submitting it as a ticket,
+send it directly to the <a href="mailto:secur...@struts.apache.org";>Struts 
Security team</a>. This will give us the possibility
+to prepare a new release with your patch in secret.</p>
+
+<p>Have fun and code!</p>
+
   </section>
 </article>
 

Modified: struts/site/trunk/source/index.html
URL: 
http://svn.apache.org/viewvc/struts/site/trunk/source/index.html?rev=1601081&r1=1601080&r2=1601081&view=diff
==============================================================================
--- struts/site/trunk/source/index.html (original)
+++ struts/site/trunk/source/index.html Sat Jun  7 09:40:12 2014
@@ -26,9 +26,10 @@ title: Welcome to the Apache Struts proj
       <a href="http://struts.apache.org/release/2.3.x/docs/version-notes-{{ 
site.current_version_short }}.html">Version notes</a>
     </div>
     <div class="col-md-4">
-      <h2>Struts up to 2.3.16.1: Zero-Day Exploit Mitigation!</h2>
-      <p>In Struts 2.3.16.1, an issue with ClassLoader manipulation via 
request parameters was supposed to be resolved. Unfortunately,
-        the correction wasn't sufficient, <a 
href="announce.html#a20140424">read more</a>
+      <h2>Google's Patch Rewards program</h2>
+      <p>During <a href="http://www.meetup.com/sfhtml5/";>SFHTML5</a> Google 
announced that they extend their program
+        to cover the Apache Struts project as well. Now you can earn some many 
preparing patches for us!
+        <a href="submitting-patches.html#patch-reward">read more</a>
       </p>
     </div>
     <div class="col-md-4">

Modified: struts/site/trunk/source/submitting-patches.md
URL: 
http://svn.apache.org/viewvc/struts/site/trunk/source/submitting-patches.md?rev=1601081&r1=1601080&r2=1601081&view=diff
==============================================================================
--- struts/site/trunk/source/submitting-patches.md (original)
+++ struts/site/trunk/source/submitting-patches.md Sat Jun  7 09:40:12 2014
@@ -77,3 +77,29 @@ Finally hit `Create Pull Request` button
 ## Further reading
 
  * [Git at Apache](http://wiki.apache.org/general/GitAtApache)
+
+# <span id="patch-reward">Google's Patch Reward program
+
+During [SFHTML5](http://www.meetup.com/sfhtml5/) Google announced that they 
adding the Apache Struts project to
+[the Google's Security Patch Reward 
Program](https://www.google.com/about/appsecurity/patch-rewards/).
+
+What does it mean?
+
+If you prepared a patch that eliminates a security vulnerability or improves 
existing security mechanism
+you can get a bounty :-) You will find more details on
+[the Google's 
blog](http://googleonlinesecurity.blogspot.com/2013/10/going-beyond-vulnerability-rewards.html)
+ or under the link above, just to give you a quick guideline how does it work:
+
+- prepare a patch and submit it to our 
[JIRA](https://issues.apache.org/jira/browse/WW),
+  it can be a Pull Request on GitHub as well, but must reference the JIRA 
ticket.
+- let us know that you did something great, post a message to [Struts Dev 
mailing list](dev-mail.html)
+- we will review the patch and if it's a real great thing then we will merge 
it into our code base
+- just wait on official release of the Apache Struts and now you can request 
the reward from Google :-)
+
+**NOTE**
+
+If you are concerned that your patch can disclose a security vulnerability, 
instead of submitting it as a ticket,
+send it directly to the [Struts Security 
team](mailto:secur...@struts.apache.org). This will give us the possibility
+to prepare a new release with your patch in secret.
+
+Have fun and code!

svn commit: r1601081 - in /struts/site/trunk: content/index.html content/submitting-patches.html source/index.html source/submitting-patches.md

Reply via email to