Add security page

garydgregory · garydgregory · commit 0a11465fcc1b · 2025-01-21T08:23:09.000-05:00
diff --git a/src/site/xdoc/security.xml b/src/site/xdoc/security.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements.  See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership.  The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License.  You may obtain a copy of the License at
+
+   https://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied.  See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<document xmlns="http://maven.apache.org/XDOC/2.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/XDOC/2.0 https://maven.apache.org/xsd/xdoc-2.0.xsd">
+  <properties>
+    <title>Apache Commons Security Reports</title>
+    <author email="dev@commons.apache.org">Apache Commons Team</author>
+  </properties>
+  <body>
+    <section name="About Security">
+      <p>
+        For information about reporting or asking questions about security, please see
+        <a href="https://commons.apache.org/security.html">Apache Commons Security</a>.
+      </p>
+      <p>This page lists all security vulnerabilities fixed in released versions of this component. 
+      </p>
+      <p>Please note that binary patches are never provided. If you need to apply a source code patch, use the building instructions for the component version
+        that you are using. 
+      </p>
+      <p>
+        If you need help on building this component or other help on following the instructions to mitigate the known vulnerabilities listed here, please send
+        your questions to the public
+        <a href="mail-lists.html">user mailing list</a>.
+      </p>
+      <p>If you have encountered an unlisted security vulnerability or other unexpected behavior that has security impact, or if the descriptions here are
+        incomplete, please report them privately to the Apache Security Team. Thank you. 
+      </p>
+    </section>
+    <section name="Security Vulnerabilities">
+      <p>None.</p>
+    </section>
+  </body>
+</document>
