On Tue, Jul 19, 2016 at 8:02 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > What if we digest the audience and list the scope (different projects which > are impacted/offering mitigations) in a more conversational tone, mention > the httpoxy URL and just point the reader to > https://www.apache.org/security/asf-httpoxy-response.txt for all the > detailed workarounds we've offered?...
That sounds good to me, here's a minimal suggestion that we might publish at https://blogs.apache.org/foundation/ unless you want something more complete. *** Title: "httpoxy" CGI vulnerability response A group of ASF projects (HTTP, Tomcat, Traffic Server, Perl) has analyzed the CGI application vulnerability recently published at https://httpoxy.org/ Their detailed analysis, targeted at Web server administrators and CGI developers and including mitigation information, can be found at https://www.apache.org/security/asf-httpoxy-response.txt *** -Bertrand --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
