2016-07-20 12:37 GMT+03:00 Bertrand Delacretaz <bdelacre...@apache.org>: > On Tue, Jul 19, 2016 at 8:02 PM, William A Rowe Jr <wr...@rowe-clan.net> > wrote: >> What if we digest the audience and list the scope (different projects which >> are impacted/offering mitigations) in a more conversational tone, mention >> the httpoxy URL and just point the reader to >> https://www.apache.org/security/asf-httpoxy-response.txt for all the >> detailed workarounds we've offered?... > > That sounds good to me, here's a minimal suggestion that we might > publish at https://blogs.apache.org/foundation/ unless you want > something more complete. > > *** > Title: "httpoxy" CGI vulnerability response > > A group of ASF projects (HTTP, Tomcat, Traffic Server, Perl) has > analyzed the CGI application vulnerability recently published at > https://httpoxy.org/ > > Their detailed analysis, targeted at Web server administrators and CGI > developers and including mitigation information, can be found at > https://www.apache.org/security/asf-httpoxy-response.txt > ***
I think that perl in list of ASF projects should be spelled "Perl (mod_perl)", to distinguish it from Perl programming language as a whole. Also HTTP in that list to be spelled "HTTP Server" Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
