Hi all, I've put together a security page for Commons so people have a place to get information quickly. It is based on the recommendations by our security team[1] and the existing page of Compress[2].
http://commons.staging.apache.org/security.html

This one is still in staging so we can fiddle around with it and has not been linked from the main nav yet.

While looking for existing security information pages of components I searched the CVE database and found three issues related to FileUpload (CVE-2013-2186 / CVE-2013-0248 / CVE-2014-0050), one for Daemon (CVE-2011-2729) and one for BeanUtils (CVE-2011-2729).

When searching through the site I don't find any hint on the CVEs on the Daemon or BeanUtils sites; maybe I've not been looking hard enough. FileUpload has two of the three CVEs in its changes report.

I think the sites should be changed in order to provide information about the issues.

Stefan