raboof commented on code in PR #86: URL: https://github.com/apache/solr-site/pull/86#discussion_r1049643505
########## content/pages/security.md: ########## @@ -10,17 +10,42 @@ Every CVE that is detected by a software scanner is by definition already public To find a path forward in addressing a detected CVE we suggest the following process for fastest results: -1. Check further down this page to see if the CVE is listed as exploitable in Solr. -2. Check the [officially published non-exploitable vulnerabilities](https://cwiki.apache.org/confluence/display/SOLR/SolrSecurity#SolrSecurity-SolrandVulnerabilityScanningTools) list to see if the CVE is listed as not exploitable in Solr. +1. Check [further down this page](#recent-cve-reports-for-apache-solr) to see if the CVE is listed as exploitable in Solr. +2. Check the [officially published non-exploitable vulnerabilities](#cve-reports-for-apache-solr-dependencies) list to see if the CVE is listed as not exploitable in Solr. 3. Search through the [Solr users mailing list archive](https://lists.apache.org/list.html?us...@solr.apache.org) to see if anyone else has brought up this dependency CVE. 4. If no one has, then please do [subscribe to the users mailing list](https://solr.apache.org/community.html#mailing-lists-chat) and then send an email asking about the CVE. +#### VEX +Since the process of checking whether CVEs in dependencies of Solr affect your Review Comment: I moved it down to near the end of the markdown content of the page. That's still above the existing table, because the tables are generated as part as the HTML template, and it doesn't seem easy to intersperse markdown and HTML content. I'm also OK with moving it further down, but AFAICS that'd mean we'd have to include it in the HTML template instead of having it as Markdown - not sure if that's worth it? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
