Andrea,

Pull request at: https://github.com/geoserver/geoserver.github.io/pull/65 when 
someone with write access is ready to review.

Jonathan,

I incorporated your suggestions to bold/italicize the updates.

Chris Snider
Senior Software Engineer

From: Jonathan Moules [mailto:jonathan-li...@lightpear.com]
Sent: Sunday, June 10, 2018 1:17 PM
To: geoserver-users@lists.sourceforge.net
Subject: Re: [Geoserver-users] Known vulnerability in commons-fileupload 
v1.2.1, used by geoserver


Chris, Andrea,

Good suggestion. If I could go one further, I'd suggest an explicit bold 
statement in the user/dev list sections saying not to post security stuff 
there. I.e.:
<h3>User List</h3>
This list is for end users blah blah blah <b>Do <i>Not</i> report security 
vulnerabilities here. See the Security blah blah section</b>

(and the same again in the Developer Lists box)

The problem with having a specific highlighted box is that some people (and I 
include myself in this) simply don't "see" them.

Cheers,
Jonathan

On 2018-06-07 15:18, Chris Snider wrote:
Andrea,

It took me a second to find the security block.  I completely overlooked the 
blue field.

Maybe add a new header under the “User List”
<h3>User List</h3>
This list is for end users blah blah blah

<h3>Reporting Security Vulnerabilities</h3>
If you encounter a security vulnerability blah blah blah

<h3>Posting Guidelines</h3>
Please read through etc. etc. etc.
Thought I’d say blah again didn’t you

<h3>Developer Lists</h3>
The rest of the page, and so on



This might draw attention?

Chris Snider
Senior Software Engineer

From: Andrea Aime [mailto:andrea.a...@geo-solutions.it]
Sent: Thursday, June 07, 2018 12:23 AM
To: Dave Wichers <dave.wich...@ey.com>
Cc: geoserver-users@lists.sourceforge.net
Subject: Re: [Geoserver-users] Known vulnerability in commons-fileupload 
v1.2.1, used by geoserver

The comm page, where I believe you found info on registering for the user list,
has a clear warning not to post security vulnerabilities:

http://geoserver.org/comm/

"If you encounter a security vulnerability in GeoServer please take care to 
report the issue in a responsible fashion. Do not use the mailing list, go 
instead to the Jira bug tracker and follow the "Responsible disclosure" 
instructions there."

How do we make it more plain and evident so that grave mistakes do not occur 
anymore in the future?
Maybe we should switch the background color of that box to red...

Regards
Andrea

<removed>




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, by Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer

Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
