This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git


The following commit(s) were added to refs/heads/master by this push:
     new cfc7d5e  Adds a mention for security reporters to not create Jira 
issues for pre-auth (aka unauth) reports
cfc7d5e is described below

commit cfc7d5ebba04d1aa62803afb1bb8784de5947501
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Mon Feb 21 14:51:06 2022 +0100

    Adds a mention for security reporters to not create Jira issues for 
pre-auth (aka unauth) reports
---
 download.html                  | 3 ++-
 security.html                  | 2 +-
 template/page/download.tpl.php | 3 ++-
 template/page/security.tpl.php | 2 +-
 4 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/download.html b/download.html
index 3223c7a..85954da 100644
--- a/download.html
+++ b/download.html
@@ -282,7 +282,8 @@ available <a href="security.html">here</a></p>
             
             
             <p>Note that we no longer create CVEs for post-auth attacks done 
using demo credentials, notably using the admin user. 
-            <strong> <a href="https://s.apache.org/dsj2p";> Rather create bugs 
reports in our issue tracker (Jira) for that.</a></strong></p>
+            <strong> <a href="https://s.apache.org/dsj2p";> Rather create bugs 
reports in our issue tracker (Jira) for that.</a><span style="color:red"> 
Please don't create Jira issues for unauth (aka pre-auth) reports, thanks in 
advance.</span></strong></p>
+            
             
             <p>One of the reason we no longer create CVEs for post-auth 
attacks done using demo credentials is because 
             <a 
href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/#security"; 
target="external"> we highly suggest to OFBiz users to not use credentials demo 
in production</a>
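Review bot: The red span added on the `+` line after the Jira link tells reporters what not to do with unauth (pre-auth) reports, but not where to send them instead. This page already links to security.html just above the hunk (`available <a href="security.html">here</a>`), so consider ending the new sentence with a pointer to the reporting procedure on that page.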
diff --git a/security.html b/security.html
index 5e3e608..f5712a7 100644
--- a/security.html
+++ b/security.html
@@ -135,7 +135,7 @@
              before disclosing them in a public forum. Please don't pack 
several vulnerabilities in the same report, send them one by one, thanks in 
advance.</strong></p>
             
             <p>Note that we no longer create CVEs for post-auth attacks done 
using demo credentials, notably using the admin user. 
-            <strong> <a href="https://s.apache.org/dsj2p";> Rather create bugs 
reports in our issue tracker (Jira) for that.</a></strong></p>
+            <strong> <a href="https://s.apache.org/dsj2p";> Rather create bugs 
reports in our issue tracker (Jira) for that.</a><span style="color:red"> 
Please don't create Jira issues for unauth (aka pre-auth) reports, thanks in 
advance.</span></strong></p>
             
             <p>One of the reason we no longer create CVEs for post-auth 
attacks done using demo credentials is because 
             <a 
href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/#security"; 
target="external"> we highly suggest to OFBiz users to not use credentials demo 
in production</a>
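Review bot: On the changed `<strong>` line, the new sentence gives no reason and sits directly after a link that asks readers to open Jira issues, so the two instructions are easy to conflate. The paragraph above it already asks for reports "before disclosing them in a public forum"; stating that a Jira issue for a pre-auth finding is such a public disclosure, and putting the sentence in its own `<p>`, would make the post-auth versus pre-auth split unambiguous.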
diff --git a/template/page/download.tpl.php b/template/page/download.tpl.php
index 5affad8..e691b8e 100644
--- a/template/page/download.tpl.php
+++ b/template/page/download.tpl.php
@@ -171,7 +171,8 @@ available <a href="security.html">here</a></p>
             
             
             <p>Note that we no longer create CVEs for post-auth attacks done 
using demo credentials, notably using the admin user. 
-            <strong> <a href="https://s.apache.org/dsj2p";> Rather create bugs 
reports in our issue tracker (Jira) for that.</a></strong></p>
+            <strong> <a href="https://s.apache.org/dsj2p";> Rather create bugs 
reports in our issue tracker (Jira) for that.</a><span style="color:red"> 
Please don't create Jira issues for unauth (aka pre-auth) reports, thanks in 
advance.</span></strong></p>
+            
             
             <p>One of the reason we no longer create CVEs for post-auth 
attacks done using demo credentials is because 
             <a 
href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/#security"; 
target="external"> we highly suggest to OFBiz users to not use credentials demo 
in production</a>
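Review bot: The second `+` line of this hunk contains only whitespace, so the template gains a trailing-whitespace line that the matching change in template/page/security.tpl.php does not add (3 changed lines here against 2 there in the diffstat). Drop it so the change stays a one-line text edit; the same applies to the download.html hunk.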
diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php
index 33d20ce..67f7650 100644
--- a/template/page/security.tpl.php
+++ b/template/page/security.tpl.php
@@ -24,7 +24,7 @@
              before disclosing them in a public forum. Please don't pack 
several vulnerabilities in the same report, send them one by one, thanks in 
advance.</strong></p>
             
             <p>Note that we no longer create CVEs for post-auth attacks done 
using demo credentials, notably using the admin user. 
-            <strong> <a href="https://s.apache.org/dsj2p";> Rather create bugs 
reports in our issue tracker (Jira) for that.</a></strong></p>
+            <strong> <a href="https://s.apache.org/dsj2p";> Rather create bugs 
reports in our issue tracker (Jira) for that.</a><span style="color:red"> 
Please don't create Jira issues for unauth (aka pre-auth) reports, thanks in 
advance.</span></strong></p>
             
             <p>One of the reason we no longer create CVEs for post-auth 
attacks done using demo credentials is because 
             <a 
href="https://nightlies.apache.org/ofbiz/trunk/readme/html5/#security"; 
target="external"> we highly suggest to OFBiz users to not use credentials demo 
in production</a>
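Review bot: The new `<span style="color:red">` inside `<strong>` hard-codes presentation in the markup and relies on colour for emphasis that `<strong>` already provides; a CSS class would keep the four copies of this sentence consistent and easier to restyle. The wording also says "unauth (aka pre-auth)" while the commit subject says "pre-auth (aka unauth)"; leading with "pre-auth" would parallel the "post-auth" used earlier in the same paragraph.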
