Google Git
Sign in
apache / freemarker-site / ef8db46148dce4a66e35f3989a3eac6c5cfcf67c^! / .
commitef8db46148dce4a66e35f3989a3eac6c5cfcf67c[log] [tgz]
authorddekany <ddekany@apache.org>Sat Mar 28 10:29:53 2020 +0100
committerddekany <ddekany@apache.org>Sat Mar 28 10:29:53 2020 +0100
tree2efd2d9384c042b002c0423e44caac8f75e7c448
parentde7c93fc029a15d005afefc360bd91ae87df8f28 [diff]
Changed security vulnerability reporting address to security@apache.org. Added link to user uploaded templates FAQ.

diff --git a/src/main/docgen/book.xml b/src/main/docgen/book.xml
index bf4d27d..b6091a7 100644
--- a/src/main/docgen/book.xml
+++ b/src/main/docgen/book.xml

@@ -483,15 +483,12 @@
     <section xml:id="report-security-vulnerabilities">
       <title>Report security vulnerability</title>
 
-      <para>We strongly encourage to report security vulnerabilities to our
-      private mailing list first, rather than disclosing them in a public
-      forum. The private security mailing address is: <olink
-      targetdoc="privateMailingList"/></para>
-
-      <para>Please note that this mailing list should only be used for
-      reporting undisclosed security vulnerabilities in Apache FreeMarker and
-      managing the process of fixing such vulnerabilities. We cannot accept
-      regular bug reports or other queries at this address.</para>
+      <para>We strongly encourage to report security vulnerabilities to <olink
+      targetdoc="securityMailingList"/>, rather than disclosing them publicly.
+      Please indicate in the subject that the mail is about FreeMarker! Also,
+      if this is about templates edited by untrusted users, please consider
+      <olink targetdoc="templateUploadingSecurityFaq">this FAQ entry</olink>
+      first.</para>
 
       <para>If you want to report a bug that isn't an undisclosed security
       vulnerability, please use <olink targetdoc="newBugReport">our regular

diff --git a/src/main/docgen/docgen.cjson b/src/main/docgen/docgen.cjson
index 2c26893..ed914b8 100644
--- a/src/main/docgen/docgen.cjson
+++ b/src/main/docgen/docgen.cjson

@@ -78,6 +78,7 @@
   githubMirrorOnlineTester: "https://github.com/apache/freemarker-online-tester"
   githubProject: "olink:githubMirrorFreemarker"
   githubProjectOld: "https://github.com/freemarker/"
+  securityMailingList: "mailto:security@apache.org"
   privateMailingList: "mailto:private@freemarker.apache.org"
   devMailingList: "mailto:dev@freemarker.apache.org"
   devMailingListSubscribe: "mailto:dev-subscribe@freemarker.apache.org"
@@ -94,6 +95,7 @@
   asfHome: "http://www.apache.org/"
   asfIncubator: "http://incubator.apache.org/"
   asfLicense: "http://www.apache.org/licenses/"
+  templateUploadingSecurityFaq: "https://freemarker.apache.org/docs/app_faq.html#faq_template_uploading_security"
   
   emacsPluginDownload: "https://sourceforge.net/projects/freemarker/files/editor-plugins/ftl.el/download"
   kwritePluginDownload: "https://sourceforge.net/projects/freemarker/files/editor-plugins/kwriteftl.tar.gz/download"