No commentary required, but feel free to edit (including the source text under www.a.o/security/) and add commentary as you see fit.
On Jul 18, 2016 4:57 PM, "Rich Bowen" <rbo...@rcbowen.com> wrote: > Oh, I see. I misunderstood. You want to post it as is, or did you want to > add commentary? I have access. > > On Jul 18, 2016 2:40 PM, "William A Rowe Jr" <wr...@rowe-clan.net> wrote: > > > I'm happy to do this, but if someone is already set up with > > blogs.apache.org, > > please feel free to beat me to it, I am not set up at the moment > > > > On Jul 18, 2016 11:03 AM, "Rich Bowen" <rbo...@rcbowen.com> wrote: > > > > Absolutely. We should be proactive about stuff like that. Be sure to cc > > Sally with whatever you do. > > > > On 07/18/2016 10:14 AM, William A Rowe Jr wrote: > > > In response to https://httpoxy.org/ (which has no actual ASF > > > vulnerability we are aware of) the HTTP, Tomcat and ATS projects > > > collected feedback, along with validation from the Perl project; > > > > > > https://www.apache.org/security/asf-httpoxy-response.txt > > > > > > Does it make sense to blog this, or at least R/T from @TheASF? > > > > > > > > > -- > > Rich Bowen - rbo...@rcbowen.com - @rbowen > > http://apachecon.com/ - @apachecon > > >