Merge branch 'main' into 'federicaJulyUpdated'

# Conflicts:
#   layouts/shortcodes/pages/home/foundation-by-the-numbers.html

Jenkinsfile

@@ -3,10 +3,12 @@
 hugo (
   appName: 'www.eclipse.org',
   productionDomain: 'www.eclipse.org',
+  branchDomain: "eclipse.org",
+  previewBranchesRegex: "staging",
   build: [
     containerImage: 'eclipsefdn/hugo-node:h0.110.0-n18.13.0',
   ],
   deployment: [
     nginxServerConf: 'config/nginx/default.conf'
   ]
-)
+)
\ No newline at end of file

config.toml

@@ -177,6 +177,42 @@ pluralizeListTitles = false
   parent = "collaborations"
   name = "Interest Group Process"
   url = "/org/collaborations/interest-groups/process.php"
+
+[[menu.sidebar]]
+  identifier = "security"
+  name = "Security"
+  url = "/security"
+  weight = 1
+
+[[menu.sidebar]]
+  parent = "security"
+  name = "Known Vulnerabilities"
+  url = "/security/known"
+  weight = 1  
+
+[[menu.sidebar]]
+  identifier = "security"
+  name = "Security"
+  url = "/security"
+  weight = 1
+
+[[menu.sidebar]]
+  parent = "security"
+  name = "Mail the Security Team"
+  url = "mailto:security@eclipse-foundation.org"
+  pre = "<i class=\"fa fa-caret-right fa-fw\"></i>"
   weight = 1
-  
 
+[[menu.sidebar]]
+  parent = "security"
+  name = "Team Members"
+  url = "/security/team"
+  pre = "<i class=\"fa fa-caret-right fa-fw\"></i>"
+  weight = 2
+
+[[menu.sidebar]]
+  parent = "security"
+  name = "Policy"
+  url = "/security/policy"
+  pre = "<i class=\"fa fa-caret-right fa-fw\"></i>"
+  weight = 3

config/nginx/default.conf

@@ -56,7 +56,7 @@ server {
     # https://git.eclipse.org/c/www.eclipse.org/getting_started.git/tree/
     rewrite /getting_started /getting-started redirect;
     rewrite /getting_started/index.php /getting-started redirect;
-  
+
     # www.eclipse.org/documentation
     # https://git.eclipse.org/c/www.eclipse.org/documentation.git/tree/
     rewrite /documentation/index.php /documentation redirect;
@@ -79,10 +79,21 @@ server {
     rewrite /contribute/dev_program/faq.php /contribute/dev-program/faq redirect;
     rewrite /contribute/cla https://accounts.eclipse.org/user/eca redirect;
     rewrite /contribute/cla/index.php https://accounts.eclipse.org/user/eca redirect;
+    
+    # www.eclipseide.org/getting-started
+    # www.eclipse.org/getting-started
+    rewrite /getting-started https://eclipseide.org/getting-started redirect;
 
     # www.eclipse.org/openchain
     rewrite /projects/openchain /openchain redirect;
 
+    # www.eclipse.org/security
+    # https://git.eclipse.org/c/www.eclipse.org/security.git/tree/
+    rewrite /security/index.php /security/ redirect;
+    rewrite /security/known.php /security/known/ redirect;
+    rewrite /security/policy.php /security/policy/ redirect;
+    rewrite /security/policy_2011.php /security/policy/ redirect;
+
     root /usr/share/nginx/html/;
     index index.html index.htm;
   }
@@ -95,4 +106,4 @@ server {
 
   # deny access to .htaccess files, if Apache's document root
   # concurs with nginx's one
-}
\ No newline at end of file
+}

content/documentation/_index.md

@@ -14,23 +14,43 @@ container: container
 ## Current releases
 
 {{< html/list_wrapper listClass="fa-ul">}}
-  <li><a href="http://help.eclipse.org/2023-03/index.jsp"><i class="fa fa-globe"></i> Eclipse IDE 2023-03 (4.27) Documentation</a> (HTML Help Center)</li>
+  <li>
+    <a href="http://help.eclipse.org/2023-06/index.jsp"><i class="fa fa-globe"></i> Eclipse IDE 2023-06 (4.28) Documentation</a> (HTML Help Center)
+  </li>
 {{</ html/list_wrapper >}}
 
 ## Older releases
 
 {{< html/list_wrapper listClass="fa-ul">}}
-  <li><a href="http://help.eclipse.org/2022-12/index.jsp"><i class="fa fa-globe"></i> Eclipse IDE 2022-12 (4.26) Documentation</a> (HTML Help Center)</li>
-  <li><a href="http://help.eclipse.org/2022-09/index.jsp"><i class="fa fa-globe"></i> Eclipse IDE 2022-09 (4.25) Documentation</a> (HTML Help Center)</li>
-  <li><a href="http://help.eclipse.org/2022-06/index.jsp"><i class="fa fa-globe"></i> Eclipse IDE 2022-06 (4.24) Documentation</a> (HTML Help Center)</li>
-  <li><a href="http://help.eclipse.org/2022-03/index.jsp"><i class="fa fa-globe"></i> Eclipse IDE 2022-03 (4.23) Documentation</a> (HTML Help Center)</li>
-  <li><a href="http://help.eclipse.org/2021-12/index.jsp"><i class="fa fa-globe"></i> Eclipse IDE 2021-12 (4.22) Documentation</a> (HTML Help Center)</li>
+  <li>
+    <a href="http://help.eclipse.org/2023-03/index.jsp"><i class="fa fa-globe"></i> Eclipse IDE 2023-03 (4.27) Documentation</a> (HTML Help Center)
+  </li>
+  <li>
+    <a href="http://help.eclipse.org/2022-12/index.jsp"><i class="fa fa-globe"></i> Eclipse IDE 2022-12 (4.26) Documentation</a> (HTML Help Center)
+  </li>
+  <li>
+    <a href="http://help.eclipse.org/2022-09/index.jsp"><i class="fa fa-globe"></i> Eclipse IDE 2022-09 (4.25) Documentation</a> (HTML Help Center)
+  </li>
+  <li>
+    <a href="http://help.eclipse.org/2022-06/index.jsp"><i class="fa fa-globe"></i> Eclipse IDE 2022-06 (4.24) Documentation</a> (HTML Help Center)
+  </li>
+  <li>
+    <a href="http://help.eclipse.org/2022-03/index.jsp"><i class="fa fa-globe"></i> Eclipse IDE 2022-03 (4.23) Documentation</a> (HTML Help Center)
+  </li>
 {{</ html/list_wrapper >}}
 
-For even older releases (Photon, Oxygen, Neon, etc), please download the corresponding Eclipse SDK or any EPP package and start the Information center locally as described here:
+For even older releases (Photon, Oxygen, Neon, etc), please download the
+corresponding Eclipse SDK or any EPP package and start the Information center
+locally as described here:
 
 {{< html/list_wrapper listClass="fa-ul">}}
-  <li><a href="https://archive.eclipse.org/eclipse/downloads/"><i class="fa fa-globe"></i> Eclipse project archived downloads</a></li>
-  <li><a href="https://www.eclipse.org/downloads/packages/release/"><i class="fa fa-globe"></i> Eclipse Packaging Project (EPP) Releases</a></li>
-  <li><a href="https://help.eclipse.org/index.jsp?topic=%2Forg.eclipse.platform.doc.isv%2Fguide%2Fua_help_setup_infocenter.htm"><i class="fa fa-globe"></i> How to start or stop information center from command line</a></li>
+  <li>
+    <a href="https://archive.eclipse.org/eclipse/downloads/"><i class="fa fa-globe"></i> Eclipse project archived downloads</a>
+  </li>
+  <li>
+    <a href="https://www.eclipse.org/downloads/packages/release/"><i class="fa fa-globe"></i> Eclipse Packaging Project (EPP) Releases</a>
+  </li>
+  <li>
+    <a href="https://help.eclipse.org/index.jsp?topic=%2Forg.eclipse.platform.doc.isv%2Fguide%2Fua_help_setup_infocenter.htm"><i class="fa fa-globe"></i> How to start or stop information center from command line</a>
+  </li>
 {{</ html/list_wrapper >}}

content/getting-started/_index.md

----
-title: "Getting Started"
-date: 2022-07-25T09:50:06-04:00
-description: ""
-categories: []
-keywords: ["eclipse resources", "courses", "books", "events", "plug-ins", "Getting Started with Eclipse", "help eclipse", "eclipse documentation links", "Get Involved with Eclipse", "support eclipse"]
-author: "Christopher Guindon"
-slug: ""
-aliases: []
-toc: false
-draft: false
-hide_page_title: true
-hide_sidebar: true
-layout: single
-#header_wrapper_class: ""
-#seo_title: ""
-#headline: ""
-#subtitle: ""
-#tagline: ""
-#links: []
----
-
-{{< pages/getting-started/landing-page >}}
\ No newline at end of file

content/home/search.md

@@ -10,7 +10,7 @@ draft: false
 lastmod: 2022-03-21T18:52:12.407Z
 main_sidebar_custom_html: >
   <div class="eclipsefdn-promo-content text-center"
-  data-ad-format="ads_square,ads_medium_banner"
+  data-ad-format="ads_square"
   data-ad-publish-to="eclipse_org_home"></div>
 hide_sidebar_menu_links: true
 ---

content/research/_index.md

@@ -16,7 +16,7 @@ hide_page_title: true
 show_featured_story: false
 show_featured_footer: false
 
-#links: [[href: "https://events.eclipse.org/2020/sam-iot/sam-iot-cfp.pdf", text: "Download call for papers"]]
+links: [[href: "#projects", text: "Research Projects"], [href: "#collaborations", text: "Collaborations"]]
 container: "container-fluid"
 header_wrapper_class: "header-default-bg-img small-jumbotron-subtitle"
 page_css_file : public/css/research-styles.css
@@ -41,13 +41,15 @@ custom_jumbotron: |
 
 {{< pages/research/home-section-organizations >}}
 
-{{< grid/section-container class="row-gray padding-top-40 padding-bottom-40 margin-bottom-40" isMarkdown="false" >}}
+{{< grid/section-container id="projects" class="row-gray padding-top-40 padding-bottom-40" isMarkdown="false" >}}
     <h2 class="text-center margin-bottom-40">The Eclipse Foundation is a Partner in these Projects</h2>
     {{< eclipsefdn_projects is_static_source="true" url="/research/projects/index.json" templateId="tpl-projects-item-research" display_view_more="false" >}}
 {{</ grid/section-container >}}
 
-{{< pages/research/newsroom-section working_group="research" class="margin-bottom-30" resource_class="col-md-5 newsroom-resource-card newsroom-resource-card-match-height match-height-item" >}}
+{{< pages/research/collaboration-section >}}
+
+{{< pages/research/newsroom-section id="collaborations" working_group="research" class="margin-bottom-30" resource_class="col-md-5 newsroom-resource-card newsroom-resource-card-match-height match-height-item" >}}
 
 {{< pages/research/home-section-contact >}}
 
-{{< mustache_js template-id="tpl-projects-item-research" path="/js/src/templates/research/tpl-projects-item-research.mustache" >}}
\ No newline at end of file
+{{< mustache_js template-id="tpl-projects-item-research" path="/js/src/templates/research/tpl-projects-item-research.mustache" >}}

content/research/projects/appstacle.md

@@ -9,7 +9,7 @@ linkedin: "https://www.linkedin.com/company/itea3"
 twitter: "http://twitter.com/appstacle"
 youtube: "https://www.youtube.com/channel/UC3BnXf0r7qguzHIq1FzeBtw"
 funding_bodies: ["itea3"]
-eclipse_projects: ["iot.kuksa"]
+eclipse_projects: ["automotive.kuksa"]
 referenced_eclipse_projects: ["iot.ditto", "iot.hawkbit", "iot.hono", "iot.leshan", "ecd.che", "ecd.theia"]
 project_topic: Automotive
 summary: "Open Standard Application Platform for Cars and Transportation Vehicles"

content/security/_index.md

+---
+title: Eclipse Vulnerability Reporting
+keywords: ['report', 'vulnerability']
+hide_page_title: true
+layout: single
+---
+
+# How to report a vulnerability?
+
+If you would like to report a security vulnerability in an Eclipse Foundation
+project, first check the project's repository for the `SECURITY.md` file and
+follow specific instructions for that project. If there is no specific
+information there, you have two options. Either report the issue by email to
+the [Eclipse Foundation Security Team](mailto:security@eclipse-foundation.org), 
+or use the [dedicated issue tracker](https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/new?issuable_template=new_vulnerability).
+
+## Additional Information
+
+The **Eclipse Foundation Security Team** provides help and advice to Eclipse
+Foundation projects on vulnerability issues and is the first point of contact
+for handling security vulnerabilities. Members of the Eclipse Foundation
+Security Team are selected amongs committers on Eclipse Projects, members of
+the Eclipse Architecture Council, and Eclipse Foundation staff.
+
+The general security mailing list address is <security@eclipse-foundation.org>.
+Members of the Eclipse Foundation Security Team will receive messages sent to
+this address. This address should be used only for reporting undisclosed
+vulnerabilities; regular issue reports and questions unrelated to
+vulnerabilities in Eclipse Foundation software will be ignored. Note that this
+email set to this address is not encrypted.
+
+**Note that, as a matter of policy, the security team does not open attachments.**
+
+The community is also encouraged to report vulnerabilities using the [Eclipse
+Foundation's issue tracker](https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/new?issuable_template=new_vulnerability). 
+Note that you will need an Eclipse Foundation account to create an issue report
+([create an account here if you do not have one](https://accounts.eclipse.org/user/register?destination=user)), 
+but by doing so you will be able to participate directly in the resolution of
+the issue.
+
+Issue reports related to vulnerabilities must be marked as "confidential",
+either automatically by clicking the provided link by the reporter, or by a
+committer during the triage process.
+
+## Disclosure
+
+The timing and manner of disclosure is governed by the [Eclipse Foundation Vulnerability Reporting Policy](/security/policy).
+
+Publicly disclosed issues are listed on the [Disclosed Vulnerabilities page](/security/known).

content/security/known/_index.md

+---
+title: "Known Vulnerabilities"
+date: 2022-08-30T13:14:48-04:00
+description: "List of security vulnerabilities known to affect Eclipse Foundation sites and projects"
+keywords: ['Eclipse', 'projects', 'security', 'cve']
+layout: single
+---
+
+This page lists security vulnerabilities known to affect Eclipse Foundation sites and projects.
+
+{{< pages/security/known >}}

content/security/policy/index.md

+---
+title: Eclipse Foundation Vulnerability Reporting Policy
+seo_title: Vulnerability Reporting Policy | Eclipse Foundation
+keywords: [eclipse, project, security]
+tags: [eclipse, project, security]
+---
+
+Version 1.1 February 4/2020
+
+## Overview
+
+The purpose of the Eclipse Vulnerability Reporting Policy is to set forth the
+general principles under which the Eclipse Foundation manages the reporting,
+management, discussion, and disclosure of Vulnerabilities discovered in Eclipse
+software. This Vulnerability Reporting Policy applies to all software
+distributed by the Eclipse Foundation, including all software authored by
+Eclipse Committers and third-parties. This Eclipse Vulnerability Reporting
+Policy should at all times be interpreted in a manner that is consistent with
+the Purposes of the Eclipse Foundation as set forth in the
+[Eclipse Foundation Bylaws](/org/documents/eclipse_foundation-bylaws.pdf) and
+the [Eclipse Foundation Development Process](/org/projects/dev_process/).
+
+## Terms
+
+**Security Team**
+
+The Security Team, or "Eclipse Security Team" is the team tasked with security
+and Vulnerability management on behalf of the Eclipse community.
+
+**Vulnerability**
+
+This policy uses the ISO 27005 definition of Vulnerability: "A weakness of an
+asset or group of assets that can be exploited by one or more threats."
+
+Other terms used in this document are defined in the
+[Eclipse Foundation Development Process](/projects/dev_process/).
+
+## Eclipse Security Team
+
+The Eclipse Security Team is the first line of defense: it is effectively a
+triage unit with security and Vulnerability management expertise. The Security
+Team exists to provide assistance; Vulnerabilities are addressed and resolved by
+project committers with guidance and assistance from the Security Team.
+
+The Security Team is composed of a small number of security experts and
+representatives from the Project Management Committees. All members are
+appointed by EMO(ED) or their designate.
+
+## Discussion
+
+The Eclipse Foundation is responsible for establishing communication channels
+for the Security Team.
+
+Every potential issue reported on established communication channels should be
+triaged and relevant parties notified. Initial discussion of a potential
+Vulnerability may occur privately amongst members of the project and Security
+Team. Discussion should be moved to and tracked by an Eclipse
+Foundation-supported issue tracker as early as possible once confirmed so the
+mitigation process may proceed. Appropriate effort must be undertaken to ensure
+the initial visibility, as well as the legitimacy, of every reported issue.
+
+## Resolution
+
+A Vulnerability is considered resolved when either a patch or workaround is
+available, or it is determined that a fix is not possible or desirable.
+
+It is left to the discretion of the Security Team and Project Leadership Chain
+to determine what subset of the project team are best suited to resolve
+Vulnerabilities. The Security Team and project leaders may also — at their
+discretion — assemble external resources (e.g. subject matter experts) or call on
+the expertise of the Eclipse Architecture Council.
+
+In the unlikely event that a project team does not engage in good faith to
+resolve a disclosed Vulnerability, an Eclipse Foundation member may — at their
+discretion — engage in the Grievance Process as defined by the
+[Eclipse Foundation Development Process](/projects/dev_process/).
+
+## Distribution
+
+Once a Vulnerability has been resolved, the updated software must be made
+available to the community.
+
+At a minimum, updated software must be made available via normal project
+distribution channels.
+
+## Disclosure
+
+Disclosure is initially limited to the reporter and all Eclipse Committers, but
+may be expanded to include other individuals.
+
+All Vulnerabilities must be disclosed, regardless of the resolution. Users and
+administrators of Eclipse software must be made aware that a Vulnerability
+exists so they may assess risk, and take the appropriate action to protect their
+users, servers and systems from potential exploit.
+
+### Timing
+
+The timing of disclosure is left to the discretion of the Project Leadership
+Chain. In the absence of specific guidance from the Project Leadership Chain,
+the following guidelines are recommended:
+
+- Vulnerabilities for which there is a patch, workaround or fix, should be
+  disclosed to the community immediately; and
+- Vulnerabilities — regardless of state — must be disclosed to the
+  community after a maximum three months.
+
+Vulnerabilities need not necessarily be resolved at the time of disclosure.
+
+### Quiet Disclosure
+
+A Vulnerability may be quietly disclosed by simply removing visibility
+restrictions.
+
+In general, quiet disclosure is appropriate only for issues that are identified
+by a committer as having been erroneously marked as Vulnerabilities.
+
+### Progressive Disclosure
+
+Knowledge of a Vulnerability can be extended to specific individuals before it
+is reported to the community. A Vulnerability may — at the discretion of the
+committer — be disclosed to specific individuals. A committer may, for example,
+provide access to a subject-matter expert to solicit help or advice. A
+Vulnerability may also be disclosed to known adopters to allow them an
+opportunity to mitigate their immediate risk and prepare for a forthcoming
+resolution.
+
+### Full Disclosure
+
+All Vulnerabilities must eventually be fully disclosed to the community at
+large.
+
+To complete the disclosure of a Vulnerability, all restrictions on visibility
+must be removed and the Vulnerability reported via channels provided by the
+Eclipse Foundation.
+
+### Reporting
+
+A project team may, at their discretion, opt to disclose a Vulnerability to a
+reporting authority.
+
+The EMO will determine how to engage with Vulnerability reporting authorities.
+
+## History
+
+Changes made in this document:
+
+### Change Log
+
+#### [2019] - 2019-03-06 (version 1.1)
+
+##### Changes
+
+- Changed the name from "Security Policy" to "Vulnerability Reporting Policy"
+- Formalized terms into their own section.
+- Changed several occurances of the word "can" to "may" to improve clarity.
+
+##### Added
+
+- Added a pointer to the Grievance Handling section of the Eclipse Foundation Development Process.
+
+##### Removed
+
+- Removed references to specific technology (e.g., Bugzilla or specific mailing
+  lists). These are implementation details.
+- Removed references to the Eclipse Planning Council and Simultaneous Release.

content/security/team/_index.md

+---
+title: Eclipse Foundation Security Team
+seo_title: Security Team | Security | Eclipse Foundation
+---
+
+## Staff Members
+
+{{< pages/security/team type="staff" >}}
+
+
+## Community Members
+
+{{< pages/security/team type="community" >}}