2016-07-20 12:37 GMT+03:00 Bertrand Delacretaz <bdelacre...@apache.org>:
> On Tue, Jul 19, 2016 at 8:02 PM, William A Rowe Jr <wr...@rowe-clan.net> 
> wrote:
>> What if we digest the audience and list the scope (different projects which
>> are impacted/offering mitigations) in a more conversational tone, mention
>> the httpoxy URL and just point the reader to
>> https://www.apache.org/security/asf-httpoxy-response.txt for all the
>> detailed workarounds we've offered?...
>
> That sounds good to me, here's a minimal suggestion that we might
> publish at https://blogs.apache.org/foundation/ unless you want
> something more complete.
>
> ***
> Title: "httpoxy" CGI vulnerability response
>
> A group of ASF projects (HTTP, Tomcat, Traffic Server, Perl) has
> analyzed the CGI application vulnerability recently published at
> https://httpoxy.org/
>
> Their detailed analysis, targeted at Web server administrators and CGI
> developers and including mitigation information, can be found at
> https://www.apache.org/security/asf-httpoxy-response.txt
> ***


I think that perl in list of ASF projects should be spelled "Perl (mod_perl)",
to distinguish it from Perl programming language as a whole.

Also HTTP in that list to be spelled "HTTP Server"

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org

Reply via email to