This is an automated email from the ASF dual-hosted git repository.
asf-gitbox-commits pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/asf-staging by this push:
new 8fe9fabeb Updates stage by Jenkins
8fe9fabeb is described below
commit 8fe9fabeba3f72cddfbcd0677dc553be76737af7
Author: jenkins <[email protected]>
AuthorDate: Wed May 27 05:16:17 2026 +0000
Updates stage by Jenkins
---
content/security.html | 27 ++++++++++++++-------------
1 file changed, 14 insertions(+), 13 deletions(-)
diff --git a/content/security.html b/content/security.html
index aea2100db..f43ed6dea 100644
--- a/content/security.html
+++ b/content/security.html
@@ -152,26 +152,27 @@
<h1 id="reporting-new-security-issues-with-apache-struts">Reporting New
Security Issues with Apache Struts</h1>
-<p>The Apache Struts project takes a very active stance in eliminating
security problems
-and denial of service attacks against applications using the Apache Struts
framework.</p>
+<blockquote>
+ <p>Please read more detailed guideline <a
href="https://github.com/apache/struts/blob/main/SECURITY.md";>here</a>.</p>
+</blockquote>
-<p><strong>We strongly encourage folks to report such security problems to our
private security mailing list first,
-before disclosing them in a public forum</strong>.</p>
+<p>The Apache Struts project takes a very active stance in eliminating
security problems and <em>denial of service</em> attacks against applications
using the Apache Struts framework.</p>
-<p>We cannot accept regular bug reports or other queries at this address, we
ask that you use our
-<a href="https://issues.apache.org/jira/browse/WW";>issue tracker (JIRA)</a>
for those.</p>
+<p><strong>We strongly encourage folks to report such security problems to our
private security mailing list first, before disclosing them in a public
forum</strong>.</p>
-<p><code class="language-plaintext highlighter-rouge">All mail sent to this
address that does not relate to security problems in the Apache
-Struts source code will be ignored</code>.</p>
+<p>We cannot accept regular bug reports or other queries at this address, we
ask that you use our <a href="https://issues.apache.org/jira/browse/WW";>issue
tracker (JIRA)</a> for those.</p>
-<p>Note that all networked servers are subject to denial of service attacks,
and we cannot promise magic
-workarounds to generic problems (such as a client streaming lots of data to
your server, or re-requesting
-the same URL repeatedly). In general our philosophy is to avoid any attacks
which can cause the server
-to consume resources in a non-linear relationship to the size of inputs.</p>
+<blockquote>
+ <p>All mail sent to this address that does not relate to security problems
in the Apache Struts source code will be ignored`.</p>
+</blockquote>
+
+<p>Note that all networked servers are subject to <em>denial of service</em>
attacks, and we cannot promise magic workarounds to generic problems (such as a
client streaming lots of data to your server, or re-requesting the same URL
repeatedly). In general, our philosophy is to avoid any attacks, which can
cause the server to consume resources in a non-linear relationship to the size
of inputs.</p>
<p>The mailing address is: <a
href="mailto:[email protected]";>[email protected]</a></p>
-<p><a href="https://httpd.apache.org/docs/trunk/misc/security_tips";>General
network server security tips</a></p>
+<h2 id="security-guideline">Security guideline</h2>
+
+<p>The project also provides a detailed <a href="security/index">security
guideline</a> with many <em>ready-to-use</em> advice and hardening options.
Read it through before reporting any potential vulnerability in the
framework.</p>
<p><a href="https://www.apache.org/security/";>The Apache Security Team</a></p>
