Changed security vulnerability reporting address to security@apache.org. Added link to user uploaded templates FAQ.
diff --git a/src/main/docgen/book.xml b/src/main/docgen/book.xml
index bf4d27d..b6091a7 100644
--- a/src/main/docgen/book.xml
+++ b/src/main/docgen/book.xml
@@ -483,15 +483,12 @@
<section xml:id="report-security-vulnerabilities">
<title>Report security vulnerability</title>
- <para>We strongly encourage to report security vulnerabilities to our
- private mailing list first, rather than disclosing them in a public
- forum. The private security mailing address is: <olink
- targetdoc="privateMailingList"/></para>
-
- <para>Please note that this mailing list should only be used for
- reporting undisclosed security vulnerabilities in Apache FreeMarker and
- managing the process of fixing such vulnerabilities. We cannot accept
- regular bug reports or other queries at this address.</para>
+ <para>We strongly encourage to report security vulnerabilities to <olink
+ targetdoc="securityMailingList"/>, rather than disclosing them publicly.
+ Please indicate in the subject that the mail is about FreeMarker! Also,
+ if this is about templates edited by untrusted users, please consider
+ <olink targetdoc="templateUploadingSecurityFaq">this FAQ entry</olink>
+ first.</para>
<para>If you want to report a bug that isn't an undisclosed security
vulnerability, please use <olink targetdoc="newBugReport">our regular
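Review bot: The rewritten paragraph drops the removed text's scope statement ("We cannot accept regular bug reports or other queries at this address"), and since the new target is security@apache.org with a request to name FreeMarker in the subject, that limit seems more important to keep, not less. Consider retaining one sentence saying the address is only for undisclosed vulnerabilities; the following "If you want to report a bug that isn't an undisclosed security vulnerability" paragraph only implies it. The subject-line request would also be easier to follow with a concrete convention (for example a fixed prefix) instead of "indicate in the subject that the mail is about FreeMarker!". Wording nit on the first added line: "We strongly encourage to report" is missing its object ("encourage you to report").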
diff --git a/src/main/docgen/docgen.cjson b/src/main/docgen/docgen.cjson
index 2c26893..ed914b8 100644
--- a/src/main/docgen/docgen.cjson
+++ b/src/main/docgen/docgen.cjson
@@ -78,6 +78,7 @@
githubMirrorOnlineTester: "https://github.com/apache/freemarker-online-tester"
githubProject: "olink:githubMirrorFreemarker"
githubProjectOld: "https://github.com/freemarker/"
+ securityMailingList: "mailto:security@apache.org"
privateMailingList: "mailto:private@freemarker.apache.org"
devMailingList: "mailto:dev@freemarker.apache.org"
devMailingListSubscribe: "mailto:dev-subscribe@freemarker.apache.org"
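Review bot: The `privateMailingList` entry on the unchanged line right after the new `securityMailingList` key is kept, but the book.xml hunk in this patch removes the `<olink targetdoc="privateMailingList"/>` reference shown there. Please check whether anything else still links to it; if not, remove the entry in this same change so the private address is not reintroduced by accident later, or state in the commit message why it stays.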
@@ -94,6 +95,7 @@
asfHome: "http://www.apache.org/"
asfIncubator: "http://incubator.apache.org/"
asfLicense: "http://www.apache.org/licenses/"
+ templateUploadingSecurityFaq: "https://freemarker.apache.org/docs/app_faq.html#faq_template_uploading_security"
emacsPluginDownload: "https://sourceforge.net/projects/freemarker/files/editor-plugins/ftl.el/download"
kwritePluginDownload: "https://sourceforge.net/projects/freemarker/files/editor-plugins/kwriteftl.tar.gz/download"
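Review bot: The new `templateUploadingSecurityFaq` value hard-codes the fragment `#faq_template_uploading_security`, so the link from the vulnerability-reporting section silently degrades to the top of the FAQ page if that anchor id is ever renamed. If the FAQ is built from the same docgen source as book.xml, an internal cross-reference to the entry would be checked at build time; if it lives in a separate document, consider noting the dependency next to the anchor definition so a rename updates this entry too.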