https://blogs.apache.org/foundation/entry/httpoxy_cgi_vulnerability_response
On 07/20/2016 10:35 AM, William A Rowe Jr wrote:
> On Wed, Jul 20, 2016 at 6:27 AM, Konstantin Kolinko <kkoli...@apache.org> wrote:
>
>> 2016-07-20 12:37 GMT+03:00 Bertrand Delacretaz <bdelacre...@apache.org>:
>>> On Tue, Jul 19, 2016 at 8:02 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote:
>>>> What if we digest the audience and list the scope (different projects which
>>>> are impacted/offering mitigations) in a more conversational tone, mention
>>>> the httpoxy URL and just point the reader to
>>>> https://www.apache.org/security/asf-httpoxy-response.txt for all the
>>>> detailed workarounds we've offered?...
>>>
>>> That sounds good to me, here's a minimal suggestion that we might
>>> publish at https://blogs.apache.org/foundation/ unless you want
>>> something more complete.
>>>
>>> ***
>>> Title: "httpoxy" CGI vulnerability response
>>>
>>> A group of ASF projects (HTTP, Tomcat, Traffic Server, Perl) has
>>> analyzed the CGI application vulnerability recently published at
>>> https://httpoxy.org/
>>>
>>> Their detailed analysis, targeted at Web server administrators and CGI
>>> developers and including mitigation information, can be found at
>>> https://www.apache.org/security/asf-httpoxy-response.txt
>>> ***
>>
>> I think that perl in list of ASF projects should be spelled "Perl (mod_perl)",
>> to distinguish it from Perl programming language as a whole.
>>
>> Also HTTP in that list to be spelled "HTTP Server"
>>
>
> Good points, think we can go with your text plus these edits, Bertrand.
>
> Thanks!
>
> Bill
>

--
Rich Bowen - rbo...@rcbowen.com - @rbowen
http://apachecon.com/ - @apachecon