Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'jetty-9.4.x'

This commit is contained in:
Jesse McConnell 2016-08-18 14:37:16 -05:00
parent fb526dcb23 c80fe2b0b9
commit 6d9b02a897
3 changed files with 33 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
jetty-documentation/src/main/asciidoc/reference/contributing/chapter.adoc
View File

@ -26,5 +26,6 @@ include::source-build.adoc[]
include::coding-standards.adoc[]
include::bugs.adoc[]
include::patches.adoc[]
include::security.adoc[]
include::releasing-jetty.adoc[]
include::release-testing.adoc[]

30
jetty-documentation/src/main/asciidoc/reference/contributing/security.adoc Normal file
View File

@ -0,0 +1,30 @@
// ========================================================================
// Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
// ========================================================================
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
[[security-reporting]]
=== Reporting Security Issues
There are a number of avenues for reporting security issues to the Jetty project available.
If the issue is directly related to Jetty itself then reporting to the Jetty developers is encouraged.
The most direct method is to mail _security@webtide.com_.
Since Webtide is comprised of the active committers of the Jetty project this is our preferred reporting method.
We are generally flexible in how we work with reporters of security issues but we reserve the right to act in the interests of the Jetty project in all circumstances.
If the issue is related to Eclipse or its Jetty integration then we encourage you to reach out to _security@eclipse.org_.
If the issue is related to integrations with Jetty we are happy to work with you to identify the proper entity and either of the approaches above is fine.
We prefer that security issues are reported directly to Jetty developers as opposed through GitHub Issues since it has no facility to tag issues as _private_.

2
jetty-documentation/src/main/asciidoc/reference/troubleshooting/security-reports.adoc
View File

@ -19,6 +19,8 @@
The following sections provide information about Jetty security issues.
If you would like to report a security issue please follow these link:#security-reporting[instructions].
.Resolved Issues
[width="99%",cols="11%,19%,14%,9%,14%,14%,19%",options="header",]
|=======================================================================