17. Security Issues Information

18. Reporting New Security Problems with Apache CouchDB

The Apache Software Foundation takes a very active stance in eliminating security problems and denial of service attacks against Apache CouchDB.

We strongly encourage folks to report such problems to our private security mailing list first, before disclosing them in a public forum.

Please note that the security mailing list should only be used for reporting undisclosed security vulnerabilities in Apache CouchDB and managing the process of fixing such vulnerabilities. We cannot accept regular bug reports or other queries at this address. All mail sent to this address that does not relate to an undisclosed security problem in the Apache CouchDB source code will be ignored.

If you need to report a bug that isn’t an undisclosed security vulnerability, please use the bug reporting page.

Questions about:

  • How to configure CouchDB securely
  • If a vulnerability applies to your particular application
  • Obtaining further information on a published vulnerability
  • Availability of patches and/or new releases

should be addressed to the users mailing list. Please see the mailing lists page for details of how to subscribe.

The private security mailing address is: security@couchdb.apache.org

Please read how the Apache Software Foundation handles security reports to know what to expect.

Note that all networked servers are subject to denial of service attacks, and we cannot promise magic workarounds to generic problems (such as a client streaming lots of data to your server, or re-requesting the same URL repeatedly). In general our philosophy is to avoid any attacks which can cause the server to consume resources in a non-linear relationship to the size of inputs.

Original: http://docs.couchdb.org/en/stable/cve/index.html