From 4a1402a47cab4636bf4c73d42a62bfa80c1535ca Mon Sep 17 00:00:00 2001 From: Stephen Colebourne Date: Mon, 15 Apr 2024 15:08:15 +0100 Subject: [PATCH] Add website page about secutity/CVEs (#781) --- src/site/markdown/index.md | 1 + src/site/markdown/security.md | 26 ++++++++++++++++++++++++++ src/site/site.xml | 1 + 3 files changed, 28 insertions(+) create mode 100644 src/site/markdown/security.md diff --git a/src/site/markdown/index.md b/src/site/markdown/index.md index 81e9853b8..a3668a8cd 100644 --- a/src/site/markdown/index.md +++ b/src/site/markdown/index.md @@ -32,6 +32,7 @@ Various documentation is available: * The [Javadoc](apidocs/index.html) * The list of [FAQ](faq.html)s. * The [change notes](changes-report.html) for each release +* The [security](security.html) issues page * The [GitHub](https://github.com/JodaOrg/joda-time) source repository diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md new file mode 100644 index 000000000..6386d5118 --- /dev/null +++ b/src/site/markdown/security.md @@ -0,0 +1,26 @@ +## Joda-Time Security + +### Security Policy + +**Supported Versions** + +If a security issue occurs, only the latest version is guaranteed to be patched. + +**Reporting a Vulnerability** + +To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). +Tidelift will coordinate the fix and disclosure. + + +### CVEs + +**[CVE-2024-23080](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23080)** + +This was raised publicly on 2024-04-10. +There was no prior warning or private disclosure. + +The CVE is nonsense. It was raised by an AI-driven bot. +The CVE describes that a `NullPointerException` is thrown when `null` is passed into a method. +As any Java developer knows, this is perfectly normal and not a security issue or CVE. + +Users of Joda-Time do not need to take any action as the CVE is invalid. 
diff --git a/src/site/site.xml b/src/site/site.xml index 001b0c6cd..8b7679d10 100644 --- a/src/site/site.xml +++ b/src/site/site.xml @@ -130,6 +130,7 @@ +
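Review bot: In src/site/markdown/index.md, the added bullet `* The [security](security.html) issues page` labels the target as an issues page, but the new security.md also holds the supported-versions policy and the vulnerability reporting contact. A reader looking for how to report a problem may not expect it behind that label; something like `* The [security](security.html) policy and CVE notes` describes the page more fully.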
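Review bot: In src/site/markdown/security.md, the CVE-2024-23080 entry says a `NullPointerException` is thrown when `null` is passed into a method, but it names neither the method nor the versions given in the CVE record. Readers who arrive from a dependency scanner finding need to match this entry to what their tool reports. Consider naming the method and versions as the record lists them, and stating whether the project has asked for the record to be disputed or rejected. That makes "Users of Joda-Time do not need to take any action as the CVE is invalid." easier to cite in a suppression or risk-acceptance entry. Separately, the commit subject spells "security" as "secutity".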