raboof commented on code in PR #199:
URL: https://github.com/apache/openmeetings/pull/199#discussion_r2324900129
##########
openmeetings-server/src/site/xdoc/security.xml:
##########
@@ -30,13 +30,20 @@
<a
href="https://www.apache.org/security/">Apache Security Team</a> page.<br/>
<br/>
<a
href="https://www.apache.org/security/committers.html#vulnerability-handling">Vulnerability
handling guide</a>
+ <br/>
</p>
<p>
- REFERENCES -> permalink to the announce email
in archives<br/>
+ REFERENCES -> permalink to the announce
email in archives<br/>
Going forward, please include the <b>product
and version information</b> in the <b>description</b> itself
as well as in the "[PRODUCT]" and "[VERSION]"
lines in your submissions.
While this may seem redundant, including the
information in both places satisfies different use cases and supports
automation.
</p>
+ <div class="bd-callout bd-callout-info">
+ IMPORTANT: We do our best to provide logging
config with enough details so you can audit your OpenMeetings instance.
+ But depending on your current config logs might
contain sensitive info.<br/>
+ Please contact <code>security (at) openmeetings
(dot) apache (dot) org</code> so we can fix the defaults.<br/>
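Review bot: The added `bd-callout-info` block warns that logs "might contain sensitive info" but then only asks the reader to contact the security address, so an operator gets nothing to act on for their own instance. Consider adding a sentence on what to do locally, for example reviewing the logging configuration and limiting who can read the log files, and say what kind of data "sensitive info" refers to so that reports are concrete. The "IMPORTANT:" prefix inside an info-level callout also sends mixed signals about severity; use one or the other. Separately, the added `<br/>` directly before `</p>` is a trailing break, and the REFERENCES line is removed and re-added with the same text, which looks like a whitespace-only change; both could be dropped to keep the diff focused on the new callout.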
Review Comment:
Perhaps:
```suggestion
Please contact <code>security (at) openmeetings
(dot) apache (dot) org</code> if you find a place where we still log sensitive
information, so we can improve the defaults.<br/>
```