Author: markt
Date: Fri Sep 20 08:08:15 2024
New Revision: 1920804

URL: http://svn.apache.org/viewvc?rev=1920804&view=rev
Log:
Link to the security model to describe acceptable vulnerability reports
Modified: tomcat/site/trunk/docs/security-model.html tomcat/site/trunk/docs/security.html tomcat/site/trunk/xdocs/security-model.xml tomcat/site/trunk/xdocs/security.xml Modified: tomcat/site/trunk/docs/security-model.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-model.html?rev=1920804&r1=1920803&r2=1920804&view=diff ============================================================================== --- tomcat/site/trunk/docs/security-model.html (original) +++ tomcat/site/trunk/docs/security-model.html Fri Sep 20 08:08:15 2024 @@ -3,8 +3,6 @@ <div class="subsection"><h4 id="Introduction">Introduction</h4><div class="text"> - <p>This security model is currently in DRAFT form.</p> - <p>The Apache Tomcat<sup>®</sup> Security Team reviews reported vulnerabilities against the following security model:</p> Modified: tomcat/site/trunk/docs/security.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security.html?rev=1920804&r1=1920803&r2=1920804&view=diff ============================================================================== --- tomcat/site/trunk/docs/security.html (original) +++ tomcat/site/trunk/docs/security.html Fri Sep 20 08:08:15 2024 
@@ -57,18 +57,9 @@ security mailing list first, before disclosing them in a public forum. </p> - <p>Reports of problems that require any of the following will be considered - out of scope and will not be accepted by the Tomcat security team. The - list is not exhaustive. - <ul> - <li>Access to Tomcat's configuration files.</li> - <li>Deployment of a vulnerable web application.</li> - <li>Deployment of a malicious web application unless a SecurityManager - is configured with an appropriate security policy and the web - application is able to bypass a restriction enforced by the - SecurityManager.</li> - </ul> - </p> + <p>The Tomcat <a href="security-model.html">security model</a> describes + what the Tomcat security team will and will not accept as a valid + vulnerability report for Tomcat.</p> <p><strong>Please note that the security mailing list should only be used for reporting undisclosed security vulnerabilities in Tomcat and managing Modified: tomcat/site/trunk/xdocs/security-model.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-model.xml?rev=1920804&r1=1920803&r2=1920804&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security-model.xml (original) +++ tomcat/site/trunk/xdocs/security-model.xml Fri Sep 20 08:08:15 2024 @@ -11,8 +11,6 @@ <subsection name="Introduction"> - <p>This security model is currently in DRAFT form.</p> - <p>The Apache Tomcat<sup>®</sup> Security Team reviews reported vulnerabilities against the following security model:</p> Modified: tomcat/site/trunk/xdocs/security.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security.xml?rev=1920804&r1=1920803&r2=1920804&view=diff ============================================================================== --- tomcat/site/trunk/xdocs/security.xml (original) +++ tomcat/site/trunk/xdocs/security.xml Fri Sep 20 08:08:15 2024 
@@ -67,18 +67,9 @@ security mailing list first, before disclosing them in a public forum. </p> - <p>Reports of problems that require any of the following will be considered - out of scope and will not be accepted by the Tomcat security team. The - list is not exhaustive. - <ul> - <li>Access to Tomcat's configuration files.</li> - <li>Deployment of a vulnerable web application.</li> - <li>Deployment of a malicious web application unless a SecurityManager - is configured with an appropriate security policy and the web - application is able to bypass a restriction enforced by the - SecurityManager.</li> - </ul> - </p> + <p>The Tomcat <a href="security-model.html">security model</a> describes + what the Tomcat security team will and will not accept as a valid + vulnerability report for Tomcat.</p> <p><strong>Please note that the security mailing list should only be used for reporting undisclosed security vulnerabilities in Tomcat and managing --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
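Review bot: In the security.html and security.xml hunks (@@ -57,18 +57,9 and @@ -67,18 +67,9), the three out-of-scope conditions are deleted outright and replaced by a link, so the reporting page no longer states any of them itself. Before this goes in, confirm that security-model.html covers each removed item, in particular the SecurityManager exception for a malicious web application, because the only part of that file visible in this diff is its introduction. If any of the three is not covered there, keep it on this page next to the new "security model" link.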
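Review bot: In the security-model.html and security-model.xml hunks (@@ -3,8 +3,6 and @@ -11,8 +11,6), the paragraph "This security model is currently in DRAFT form." is removed, but the log message only mentions adding the link. Dropping the draft notice changes the standing of the document that reports are reviewed against, so the log message should say so, for example by adding that the security model is no longer marked as a draft.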