Author: kkolinko
Date: Thu Sep 5 19:06:38 2024
New Revision: 1920481
URL: http://svn.apache.org/viewvc?rev=1920481&view=rev
Log:
Minor changes. A typo, formatting of a title, clarity.
Modified:
tomcat/site/trunk/docs/security-model.html
tomcat/site/trunk/xdocs/security-model.xml
Modified: tomcat/site/trunk/docs/security-model.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-model.html?rev=1920481&r1=1920480&r2=1920481&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-model.html (original)
+++ tomcat/site/trunk/docs/security-model.html Thu Sep 5 19:06:38 2024
@@ -3,7 +3,7 @@
<div class="subsection"><h4 id="Introduction">Introduction</h4><div
class="text">
- <p>This security model is currently in DRAFT from.</p>
+ <p>This security model is currently in DRAFT form.</p>
<p>The Apache Tomcat<sup>®</sup> Security Team reviews reported
vulnerabilities against the following security model:</p>
@@ -17,7 +17,7 @@
any of the following will be rejected:</p>
<ul>
- <li>The Manager or Host Manager applications provided with Tomcat.</li>
+ <li>The Manager or Host Manager web applications provided with
Tomcat.</li>
<li>Tomcat configuration files.</li>
<li>Tomcat binaries and/or scripts.</li>
<li>The JMX API (local or remote).</li>
@@ -29,7 +29,7 @@
perform (e.g. CSRF vulnerabilities) will be accepted.</p>
</div></div>
-
+
<div class="subsection"><h4 id="Web_applications">Web
applications</h4><div class="text">
<p>Web applications deployed to Tomcat are considered to be trusted.
@@ -39,8 +39,8 @@
<p>Reports of vulnerabilities in the web applications included with
standard Tomcat distributions from the ASF will be accepted. Reporters
should review the comments about each of the provided applications in
- the security considerations section of the documentation for the
- version under test.</p>
+ the <strong><i>Security Considerations</i></strong> section of the
+ documentation for the version under test.</p>
</div></div>
@@ -54,8 +54,8 @@
permitted by <code>allowedRequestAttributesPattern</code> for an
AJP
connector.</li>
<li>HTTP headers processed by a <code>RemoteIpValve</code>,
- <code>SSLValve</code>, equivalent filters or any similar
- functionality.</li>
+ <code>SSLValve</code>, equivalent filters
(<code>RemoteIpFilter</code>)
+ or any similar functionality.</li>
</ul>
</div></div>
Modified: tomcat/site/trunk/xdocs/security-model.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-model.xml?rev=1920481&r1=1920480&r2=1920481&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-model.xml (original)
+++ tomcat/site/trunk/xdocs/security-model.xml Thu Sep 5 19:06:38 2024
@@ -11,7 +11,7 @@
<subsection name="Introduction">
- <p>This security model is currently in DRAFT from.</p>
+ <p>This security model is currently in DRAFT form.</p>
<p>The Apache Tomcat<sup>®</sup> Security Team reviews reported
vulnerabilities against the following security model:</p>
@@ -25,7 +25,7 @@
any of the following will be rejected:</p>
<ul>
- <li>The Manager or Host Manager applications provided with Tomcat.</li>
+ <li>The Manager or Host Manager web applications provided with
Tomcat.</li>
<li>Tomcat configuration files.</li>
<li>Tomcat binaries and/or scripts.</li>
<li>The JMX API (local or remote).</li>
@@ -37,7 +37,7 @@
perform (e.g. CSRF vulnerabilities) will be accepted.</p>
</subsection>
-
+
<subsection name="Web applications">
<p>Web applications deployed to Tomcat are considered to be trusted.
@@ -47,8 +47,8 @@
<p>Reports of vulnerabilities in the web applications included with
standard Tomcat distributions from the ASF will be accepted. Reporters
should review the comments about each of the provided applications in
- the security considerations section of the documentation for the
- version under test.</p>
+ the <strong><i>Security Considerations</i></strong> section of the
+ documentation for the version under test.</p>
</subsection>
@@ -62,8 +62,8 @@
permitted by <code>allowedRequestAttributesPattern</code> for an
AJP
connector.</li>
<li>HTTP headers processed by a <code>RemoteIpValve</code>,
- <code>SSLValve</code>, equivalent filters or any similar
- functionality.</li>
+ <code>SSLValve</code>, equivalent filters
(<code>RemoteIpFilter</code>)
+ or any similar functionality.</li>
</ul>
</subsection>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
