On 2018-01-22, Matt Sicker wrote: > Thanks for taking care of this! We have a CVE in Log4j 2 we can link to on > this page as well.
My idea rather was to mimic what the Commons project is doing. In this case you'd add a security page to the log4j website, something along the lines of https://commons.apache.org/proper/commons-compress/security-reports.html On this page you link back to the top level page and you add a section for the CVE in question (which would then link to the existing JIRA ticket, for example). Stefan
