https://blogs.apache.org/foundation/entry/httpoxy_cgi_vulnerability_response


On 07/20/2016 10:35 AM, William A Rowe Jr wrote:
> On Wed, Jul 20, 2016 at 6:27 AM, Konstantin Kolinko <kkoli...@apache.org>
> wrote:
> 
>> 2016-07-20 12:37 GMT+03:00 Bertrand Delacretaz <bdelacre...@apache.org>:
>>> On Tue, Jul 19, 2016 at 8:02 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote:
>>>> What if we digest the audience and list the scope (different projects which
>>>> are impacted/offering mitigations) in a more conversational tone, mention
>>>> the httpoxy URL and just point the reader to
>>>> https://www.apache.org/security/asf-httpoxy-response.txt for all the
>>>> detailed workarounds we've offered?...
>>>
>>> That sounds good to me, here's a minimal suggestion that we might
>>> publish at https://blogs.apache.org/foundation/ unless you want
>>> something more complete.
>>>
>>> ***
>>> Title: "httpoxy" CGI vulnerability response
>>>
>>> A group of ASF projects (HTTP, Tomcat, Traffic Server, Perl) has
>>> analyzed the CGI application vulnerability recently published at
>>> https://httpoxy.org/
>>>
>>> Their detailed analysis, targeted at Web server administrators and CGI
>>> developers and including mitigation information, can be found at
>>> https://www.apache.org/security/asf-httpoxy-response.txt
>>> ***
>>
>>
>> I think that Perl in the list of ASF projects should be spelled "Perl
>> (mod_perl)",
>> to distinguish it from the Perl programming language as a whole.
>>
>> Also, HTTP in that list should be spelled "HTTP Server"
>>
> 
> Good points, think we can go with your text plus these edits, Bertrand.
> 
> Thanks!
> 
> Bill
> 


-- 
Rich Bowen - rbo...@rcbowen.com - @rbowen
http://apachecon.com/ - @apachecon
