Hello Stefan, this is a good idea. I think you've searched hard enough and the said components simply don't have such a page (yet).
br, Benedikt 2014-08-31 13:16 GMT+02:00 Stefan Bodewig <bode...@apache.org>: > Hi all, > > I've put together a security page for Commons so people have a place to > get information quickly, it is based on the recommendations by our > security team[1] and the existing page of Compress[2]. > > http://commons.staging.apache.org/security.html > > this one is still in staging so we can fiddle around with it and has not > been linked from the main nav, yet. > > While looking for existing security information pages of components I > searched the CVE database and found three issues related to FileUpload > (CVE-2013-2186 / CVE-2013-0248 / CVE-2014-0050), one for Daemon > (CVE-2011-2729) and one for BeanUtils (CVE-2011-2729). > > When searching through the site I don't find any hint on the CVEs on the > Daemon or BeanUtils sites, maybe I've not been looking hard enough. > FileUpload has two of the three CVEs in its changes report. > > I think the sites should be changed in order to provide information > about the issues. > > Stefan > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > > -- http://people.apache.org/~britter/ http://www.systemoutprintln.de/ http://twitter.com/BenediktRitter http://github.com/britter
