Dear Gary,
I’ve sent this exact problem on Dec. 11 2021 to the mail-address mentioned on
the above change security page: secur...@commons.apache.org
But never received a response… Therefore my question: Is this mail-address
still correct?
Best regards (and glad, that the default behaviour will
Wow, the email issue with the .invalid email address is on the Apache side
(DMARC).
Gary
On Mon, Oct 24, 2022, 14:54 Gary Gregory wrote:
> The problem is that you sent your message from what I assume is a bogus
> email reply address: p...@wolfgang-jung.net.invalid
>
> To reply to this email I h
Wow, I had no idea we did this, sure is painful to deal with :-(
Gary
On Mon, Oct 24, 2022, 15:10 Mark Thomas wrote:
> On 24/10/2022 19:54, Gary Gregory wrote:
> > The problem is that you sent your message from what I assume is a bogus
> > email reply address: p...@wolfgang-jung.net.invalid
>
>
On 24/10/2022 19:54, Gary Gregory wrote:
The problem is that you sent your message from what I assume is a bogus
email reply address: p...@wolfgang-jung.net.invalid
No, the ".invalid" was added by the ASF mail servers.
See: https://blogs.apache.org/infra/entry/dmarc_filtering_on_lists_that
We
The problem is that you sent your message from what I assume is a bogus
email reply address: p...@wolfgang-jung.net.invalid
To reply to this email I had to hand edit the reply to and am guessing that
maybe p...@wolfgang-jung.net will reach you, but, who knows... I usually
don't bother fiddling wit
Dear Gary,
I’ve sent this exact problem on Dec. 11 2021 to the mail-address mentioned on
the above changed security page: secur...@commons.apache.org
But never received a response… Therefore my question: Is this mail-address
still correct?
Best regards (and glad, that the default behaviour will
Not a problem, and thank **you** for the many releases and for working on
CVE, site updates, commons reports, PR reviews :)
Fixed! The Apache Commons Configuration Security page is now live:
> https://commons.apache.org/proper/commons-configuration/security.html
>
It's working fine for me too!
C
Fixed! The Apache Commons Configuration Security page is now live:
https://commons.apache.org/proper/commons-configuration/security.html
Gary
On Wed, Oct 19, 2022 at 4:45 PM Gary Gregory wrote:
>
> Thank you for the brilliant detective work Bruno!
>
> Gary
>
> On Wed, Oct 19, 2022, 16:16 Bruno K
Thank you for the brilliant detective work Bruno!
Gary
On Wed, Oct 19, 2022, 16:16 Bruno Kinoshita wrote:
> I had a look at the browser network tab, and saw an HTTP 302 location
> redirect from Varnish. These redirects normally need to be configured in
> Varnish with some sort of rule.
>
> I we
I had a look at the browser network tab, and saw an HTTP 302 location
redirect from Varnish. These redirects normally need to be configured in
Varnish with some sort of rule.
I went back to your email, grabbed the SVN URL, stepped up a few
directories and saw an .htaccess at a parent level, that h
Well, I published the Configuration site to the usual svn:
https://svn.apache.org/repos/infra/websites/production/commons/content/proper/commons-configuration/
which should be end up at:
https://commons.apache.org/proper/commons-configuration/index.html
but for me clicking on the "Security" (in
TY and merged. I'll publish later today.
Gary
On Wed, Oct 19, 2022 at 11:13 AM Arnout Engelen wrote:
>
> On Wed, Oct 19, 2022 at 12:23 PM Gary Gregory wrote:
>>
>> Would you be available to update the Commons Configuration page
>> https://github.com/apache/commons-configuration/blob/master/src/
On Wed, Oct 19, 2022 at 12:23 PM Gary Gregory
wrote:
> Would you be available to update the Commons Configuration page
>
> https://github.com/apache/commons-configuration/blob/master/src/site/xdoc/security.xml
> in the same way you did for Commons Text? The CVE is basically the
> same: https://nv
Hi Arnout,
Would you be available to update the Commons Configuration page
https://github.com/apache/commons-configuration/blob/master/src/site/xdoc/security.xml
in the same way you did for Commons Text? The CVE is basically the
same: https://nvd.nist.gov/vuln/detail/CVE-2022-33980
Gary
On Tue,
FYI: I updated the security page
https://commons.apache.org/proper/commons-text/security.html
Gary
On Tue, Oct 18, 2022 at 4:25 PM Gary Gregory wrote:
>
> I have an unpublished security page in the repo already. Let's not duplicate
> information like this PR does please. Publishing a non-snapsh
I have an unpublished security page in the repo already. Let's not
duplicate information like this PR does please. Publishing a non-snapshot
site is a pain and I don't want to do more than I have to. There is no need
to buy in and promote the FUD on the front page IMO. This component will
soon publ
Hello Commons,
As you might know Commons Text recently published a CVE. It seems there is
a fair bit of confusion about its severity online, so it seems like a good
idea to publish a statement around that on the website.
I've proposed one at https://github.com/apache/commons-text/pull/374 and
I'd
17 matches
Mail list logo
