From ef8db46148dce4a66e35f3989a3eac6c5cfcf67c Mon Sep 17 00:00:00 2001 From: ddekany Date: Sat, 28 Mar 2020 10:29:53 +0100 Subject: [PATCH] Changed security vulnerability reporting address to security@apache.org. Added link to user uploaded templates FAQ. --- src/main/docgen/book.xml | 15 ++++++--------- src/main/docgen/docgen.cjson | 2 ++ 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/src/main/docgen/book.xml b/src/main/docgen/book.xml index bf4d27d8..b6091a75 100644 --- a/src/main/docgen/book.xml +++ b/src/main/docgen/book.xml @@ -483,15 +483,12 @@ two freemarker.jar-s and unpredictable behavior!
Report security vulnerability - We strongly encourage to report security vulnerabilities to our - private mailing list first, rather than disclosing them in a public - forum. The private security mailing address is: - - Please note that this mailing list should only be used for - reporting undisclosed security vulnerabilities in Apache FreeMarker and - managing the process of fixing such vulnerabilities. We cannot accept - regular bug reports or other queries at this address. + We strongly encourage to report security vulnerabilities to , rather than disclosing them publicly. + Please indicate in the subject that the mail is about FreeMarker! Also, + if this is about templates edited by untrusted users, please consider + this FAQ entry + first. If you want to report a bug that isn't an undisclosed security vulnerability, please use our regular diff --git a/src/main/docgen/docgen.cjson b/src/main/docgen/docgen.cjson index 2c268937..ed914b8c 100644 --- a/src/main/docgen/docgen.cjson +++ b/src/main/docgen/docgen.cjson @@ -78,6 +78,7 @@ olinks: { githubMirrorOnlineTester: "https://github.com/apache/freemarker-online-tester" githubProject: "olink:githubMirrorFreemarker" githubProjectOld: "https://github.com/freemarker/" + securityMailingList: "mailto:security@apache.org" privateMailingList: "mailto:private@freemarker.apache.org" devMailingList: "mailto:dev@freemarker.apache.org" devMailingListSubscribe: "mailto:dev-subscribe@freemarker.apache.org" @@ -94,6 +95,7 @@ olinks: { asfHome: "http://www.apache.org/" asfIncubator: "http://incubator.apache.org/" asfLicense: "http://www.apache.org/licenses/" + templateUploadingSecurityFaq: "https://freemarker.apache.org/docs/app_faq.html#faq_template_uploading_security" emacsPluginDownload: "https://sourceforge.net/projects/freemarker/files/editor-plugins/ftl.el/download" kwritePluginDownload: "https://sourceforge.net/projects/freemarker/files/editor-plugins/kwriteftl.tar.gz/download"