Hi, Well as I did the last few CVE fixes for BlazeDS we usually posted a security advisory after the release. The reason is that we have to vote on the release including the release notes, but we don't want to leak the CVE before having a released version out in the wild. The time between Release Notification and CVE did vary a little as sometimes we were asked to hold the Security advisory back for a few days. But I did have to post the CVE mail to several addresses: [email protected], [email protected] and [email protected]
Maybe subscribing to any of these lists/services should do the trick. Chris ________________________________________ Von: ehawkins <[email protected]> Gesendet: Dienstag, 2. Februar 2016 01:45 An: [email protected] Betreff: Re: Security Alerts Our organization uses blazeDS and I need to make them aware of any vulnerabilities that crop up asap. The question was really if blazeDS sends out a specific security digest or alert upon resolution of such issues? If not will they just be in the release notes? -- View this message in context: http://apache-flex-users.2333346.n4.nabble.com/Security-Alerts-tp11876p11878.html Sent from the Apache Flex Users mailing list archive at Nabble.com.
