This is an automated email from the ASF dual-hosted git repository.
asf-gitbox-commits pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 6caa2a43f Automatic Site Publish by Buildbot
6caa2a43f is described below
commit 6caa2a43fdc40735045efafb5f32819874b97247
Author: buildbot <[email protected]>
AuthorDate: Wed May 27 05:38:11 2026 +0000
Automatic Site Publish by Buildbot
---
output/security.html | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/output/security.html b/output/security.html
index eb4c8b386..f43ed6dea 100644
--- a/output/security.html
+++ b/output/security.html
@@ -156,7 +156,7 @@
<p>Please read more detailed guideline <a
href="https://github.com/apache/struts/blob/main/SECURITY.md";>here</a>.</p>
</blockquote>
-<p>The Apache Struts project takes a very active stance in eliminating
security problems and denial of service attacks against applications using the
Apache Struts framework.</p>
+<p>The Apache Struts project takes a very active stance in eliminating
security problems and <em>denial of service</em> attacks against applications
using the Apache Struts framework.</p>
<p><strong>We strongly encourage folks to report such security problems to our
private security mailing list first, before disclosing them in a public
forum</strong>.</p>
@@ -166,10 +166,14 @@
<p>All mail sent to this address that does not relate to security problems
in the Apache Struts source code will be ignored`.</p>
</blockquote>
-<p>Note that all networked servers are subject to denial of service attacks,
and we cannot promise magic workarounds to generic problems (such as a client
streaming lots of data to your server, or re-requesting the same URL
repeatedly). In general our philosophy is to avoid any attacks which can cause
the server to consume resources in a non-linear relationship to the size of
inputs.</p>
+<p>Note that all networked servers are subject to <em>denial of service</em>
attacks, and we cannot promise magic workarounds to generic problems (such as a
client streaming lots of data to your server, or re-requesting the same URL
repeatedly). In general, our philosophy is to avoid any attacks, which can
cause the server to consume resources in a non-linear relationship to the size
of inputs.</p>
<p>The mailing address is: <a
href="mailto:[email protected]";>[email protected]</a></p>
+<h2 id="security-guideline">Security guideline</h2>
+
+<p>The project also provides a detailed <a href="security/index">security
guideline</a> with many <em>ready-to-use</em> advice and hardening options.
Read it through before reporting any potential vulnerability in the
framework.</p>
+
<p><a href="https://www.apache.org/security/";>The Apache Security Team</a></p>
</section>
