Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor security page #1948

Merged
merged 8 commits into from
Nov 8, 2023
Merged

Refactor security page #1948

merged 8 commits into from
Nov 8, 2023

Conversation

vy
Copy link
Member

@vy vy commented Nov 6, 2023
edited
Loading

This implements the following changes in the security page:

  • Switched to using the Maven version range syntax to denote affected versions
  • Switched from MITRE to NVD – Both are in essence funded by the same organization (i.e., the U.S. Government) and contain identical data. Though MITRE seems dead and NVD looks alive with more bells and whistles.
  • Switched to CVSS 3.x severity and metrics
  • Improved navigation with more user-centric sections and expanded menu
  • Added "Components affected" (e.g., log4j-core) field
  • Added "Versions fixed" field
  • Removed duplicate content
  • Simplified textual content – kept basic description and mitigation techniques
  • Removed mitigation techniques worded as "alternatively you can do X, but it won't really help"

Review aid

References

@vy vy added the enhancement Additions or updates to features label Nov 6, 2023
@vy vy added this to the 2.22.0 milestone Nov 6, 2023
@vy vy mentioned this pull request Nov 7, 2023
Closed
11 tasks
@jvz jvz self-requested a review November 7, 2023 19:22
jvz
jvz reviewed Nov 7, 2023
View reviewed changes
src/site/asciidoc/security.adoc Outdated Show resolved Hide resolved
jvz
jvz reviewed Nov 7, 2023
View reviewed changes
src/site/asciidoc/security.adoc Outdated Show resolved Hide resolved
jvz
jvz approved these changes Nov 7, 2023
View reviewed changes
Copy link
Member

@jvz jvz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reads well to me. Thanks for organizing this!

@vy vy self-assigned this Nov 8, 2023
@vy vy merged commit 2ec8236 into 2.x Nov 8, 2023
5 of 6 checks passed
@vy vy deleted the security-page branch November 8, 2023 10:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jvz jvz jvz approved these changes

Assignees

@vy vy

Labels
enhancement Additions or updates to features
Projects
None yet
Milestone
2.22.0
Development

Successfully merging this pull request may close these issues.
2 participants
@vy @jvz