FYI: I updated the security page https://commons.apache.org/proper/commons-text/security.html
Gary On Tue, Oct 18, 2022 at 4:25 PM Gary Gregory <garydgreg...@gmail.com> wrote: > > I have an unpublished security page in the repo already. Let's not duplicate > information like this PR does please. Publishing a non-snapshot site is a > pain and I don't want to do more than I have to. There is no need to buy in > and promote the FUD on the front page IMO. This component will soon publish a > security page and you can PR that page > (https://github.com/apache/commons-text/blob/master/src/site/xdoc/security.xml) > if you want to update the details. > > TY! > > On Tue, Oct 18, 2022, 09:52 Arnout Engelen <enge...@apache.org> wrote: >> >> Hello Commons, >> >> As you might know Commons Text recently published a CVE. It seems there is >> a fair bit of confusion about its severity online, so it seems like a good >> idea to publish a statement around that on the website. >> >> I've proposed one at https://github.com/apache/commons-text/pull/374 and >> I'd like to ask for your review & help publishing. Given the issue is >> getting some attention it might be nice to publish something soon and maybe >> refine it later ;). I'll also publish it at >> https://blogs.apache.org/security . >> >> I think what would need to happen is: >> * review and merge https://github.com/apache/commons-text/pull/374 >> * check out the commit before the merge commit (since that one still has >> 1.10.0 as the version in the pom.xml) >> * tag it with something clear, like "commons-text-1.10.0-docs-update"(?) >> * push the tag >> * do a 'mvn site:deploy' >> >> Much appreciated! >> >> >> Kind regards, >> >> Arnout --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
