This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/main by this push:
new 79a4cb8c1 security: updates the page and links to SECURITY.md (#299)
79a4cb8c1 is described below
commit 79a4cb8c1b9db664201189ae12c0507cd954ec9b
Author: Lukasz Lenart <[email protected]>
AuthorDate: Fri May 22 06:48:03 2026 +0200
security: updates the page and links to SECURITY.md (#299)
---
source/security.md | 21 +++++++--------------
1 file changed, 7 insertions(+), 14 deletions(-)
diff --git a/source/security.md b/source/security.md
index ebae7519c..85e48fc53 100644
--- a/source/security.md
+++ b/source/security.md
@@ -5,25 +5,18 @@ title: Security Issues
# Reporting New Security Issues with Apache Struts
-The Apache Struts project takes a very active stance in eliminating security
problems
-and denial of service attacks against applications using the Apache Struts
framework.
+> Please read more detailed guideline
[here](https://github.com/apache/struts/blob/main/SECURITY.md).
-**We strongly encourage folks to report such security problems to our private
security mailing list first,
-before disclosing them in a public forum**.
+The Apache Struts project takes a very active stance in eliminating security
problems and denial of service attacks against applications using the Apache
Struts framework.
-We cannot accept regular bug reports or other queries at this address, we ask
that you use our
-[issue tracker (JIRA)](https://issues.apache.org/jira/browse/WW) for those.
+**We strongly encourage folks to report such security problems to our private
security mailing list first, before disclosing them in a public forum**.
-`All mail sent to this address that does not relate to security problems in
the Apache
-Struts source code will be ignored`.
+We cannot accept regular bug reports or other queries at this address, we ask
that you use our [issue tracker
(JIRA)](https://issues.apache.org/jira/browse/WW) for those.
-Note that all networked servers are subject to denial of service attacks, and
we cannot promise magic
-workarounds to generic problems (such as a client streaming lots of data to
your server, or re-requesting
-the same URL repeatedly). In general our philosophy is to avoid any attacks
which can cause the server
-to consume resources in a non-linear relationship to the size of inputs.
+> All mail sent to this address that does not relate to security problems in
the Apache Struts source code will be ignored`.
-The mailing address is:
[[email protected]](mailto:[email protected])
+Note that all networked servers are subject to denial of service attacks, and
we cannot promise magic workarounds to generic problems (such as a client
streaming lots of data to your server, or re-requesting the same URL
repeatedly). In general our philosophy is to avoid any attacks which can cause
the server to consume resources in a non-linear relationship to the size of
inputs.
-[General network server security
tips](https://httpd.apache.org/docs/trunk/misc/security_tips)
+The mailing address is:
[[email protected]](mailto:[email protected])
[The Apache Security Team](https://www.apache.org/security/)
