Thank you for the brilliant detective work Bruno! Gary
On Wed, Oct 19, 2022, 16:16 Bruno Kinoshita <ki...@apache.org> wrote: > I had a look at the browser network tab, and saw an HTTP 302 location > redirect from Varnish. These redirects normally need to be configured in > Varnish with some sort of rule. > > I went back to your email, grabbed the SVN URL, stepped up a few > directories and saw an .htaccess at a parent level, that has a redirect > rule for some commons components (it has for [configuration], not for > [text]). I think we just need to remove the configuration entry. > > > https://svn.apache.org/repos/infra/websites/production/commons/content/.htaccess > > HTH, > Bruno > > On Thu, 20 Oct 2022 at 08:22, Gary Gregory <garydgreg...@gmail.com> wrote: > > > Well, I published the Configuration site to the usual svn: > > > > > > > https://svn.apache.org/repos/infra/websites/production/commons/content/proper/commons-configuration/ > > > > which should be end up at: > > > > https://commons.apache.org/proper/commons-configuration/index.html > > > > but for me clicking on the "Security" (in the top left menu) does not > > take me to > > https://commons.apache.org/proper/commons-configuration/security.html, > > instead it redirects magically to > > https://commons.apache.org/security.html > > > > Commons Text is fine in this area. What gives? > > > > Gary > > > > On Wed, Oct 19, 2022 at 12:48 PM Gary Gregory <garydgreg...@gmail.com> > > wrote: > > > > > > TY and merged. I'll publish later today. > > > > > > Gary > > > > > > On Wed, Oct 19, 2022 at 11:13 AM Arnout Engelen <enge...@apache.org> > > wrote: > > > > > > > > On Wed, Oct 19, 2022 at 12:23 PM Gary Gregory < > garydgreg...@gmail.com> > > wrote: > > > >> > > > >> Would you be available to update the Commons Configuration page > > > >> > > > https://github.com/apache/commons-configuration/blob/master/src/site/xdoc/security.xml > > > >> in the same way you did for Commons Text? The CVE is basically the > > > >> same: https://nvd.nist.gov/vuln/detail/CVE-2022-33980 > > > > > > > > > > > > Happy to! Proposed > > https://github.com/apache/commons-configuration/pull/230 > > > > > > > > > > > > Kind regards, > > > > > > > > Arnout > > > > > > > >> On Tue, Oct 18, 2022 at 11:20 PM Gary Gregory < > garydgreg...@gmail.com> > > wrote: > > > >> > > > > >> > FYI: I updated the security page > > > >> > https://commons.apache.org/proper/commons-text/security.html > > > >> > > > > >> > Gary > > > >> > > > > >> > On Tue, Oct 18, 2022 at 4:25 PM Gary Gregory < > > garydgreg...@gmail.com> wrote: > > > >> > > > > > >> > > I have an unpublished security page in the repo already. Let's > > not duplicate information like this PR does please. Publishing a > > non-snapshot site is a pain and I don't want to do more than I have to. > > There is no need to buy in and promote the FUD on the front page IMO. > This > > component will soon publish a security page and you can PR that page ( > > > https://github.com/apache/commons-text/blob/master/src/site/xdoc/security.xml > ) > > if you want to update the details. > > > >> > > > > > >> > > TY! > > > >> > > > > > >> > > On Tue, Oct 18, 2022, 09:52 Arnout Engelen <enge...@apache.org> > > wrote: > > > >> > >> > > > >> > >> Hello Commons, > > > >> > >> > > > >> > >> As you might know Commons Text recently published a CVE. It > > seems there is > > > >> > >> a fair bit of confusion about its severity online, so it seems > > like a good > > > >> > >> idea to publish a statement around that on the website. > > > >> > >> > > > >> > >> I've proposed one at > > https://github.com/apache/commons-text/pull/374 and > > > >> > >> I'd like to ask for your review & help publishing. Given the > > issue is > > > >> > >> getting some attention it might be nice to publish something > > soon and maybe > > > >> > >> refine it later ;). I'll also publish it at > > > >> > >> https://blogs.apache.org/security . > > > >> > >> > > > >> > >> I think what would need to happen is: > > > >> > >> * review and merge > > https://github.com/apache/commons-text/pull/374 > > > >> > >> * check out the commit before the merge commit (since that one > > still has > > > >> > >> 1.10.0 as the version in the pom.xml) > > > >> > >> * tag it with something clear, like > > "commons-text-1.10.0-docs-update"(?) > > > >> > >> * push the tag > > > >> > >> * do a 'mvn site:deploy' > > > >> > >> > > > >> > >> Much appreciated! > > > >> > >> > > > >> > >> > > > >> > >> Kind regards, > > > >> > >> > > > >> > >> Arnout > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > >
