metron-dev mailing list archives

From larry mccay <>
Subject Apache Security Process
Date Thu, 02 Jun 2016 17:24:42 GMT
All -

Please become familiar with the Apache process for reporting,
discussing, filing JIRAs and fixing security vulnerabilities [1].

METRON-198 has exposed more than we should in a public manner and the
attached report should be removed.

Details of any particular issues should only be discussed on a project's
security or private list and it needs to also include the security@a.o

Fixes need to be discussed and agreed upon on the private list and JIRAs
filed to commit the fix should be vague and as general as possible - so as
not to disclose the details of the vulnerabilities and inform the
development of exploits.

Also, pay attention to the CVE related aspects of the process in the page
referenced below.



