2018 CoC Committee Annual Report announcement.
author Jonathan S. Katz <jonathan.katz@excoventures.com>
Mon, 15 Apr 2019 14:23:26 +0000 (07:23 -0700)
committer Jonathan S. Katz <jonathan.katz@excoventures.com>
Mon, 15 Apr 2019 14:23:26 +0000 (07:23 -0700)
templates/index.html
templates/pages/include/topbar.html

index c5506b5ea59ebeebbe1db4cdcc81c07c461ef1e8..74d0b552e03cc96bf39713bc1fe772b1f82c8d26 100644 (file)
       <h2 class="centered-lines">Latest News</h2>
       <!-- Featured Post -->
         <header>
-          <h3><a href="/about/news/1935/">CVE-2019-9193: Not a Security Vulnerability</a></h3>
+          <h3><a href="/about/news/1936/">PostgreSQL Code of Conduct Committee 2018 Annual Report</a></h3>
           <ul class="meta">
-            <li><i class="far fa-clock"></i>&nbsp;2019-04-04</li>
+            <li><i class="far fa-clock"></i>&nbsp;2019-04-15</li>
             <!--<li><i class="far fa-comments"></i> 0</li>-->
           </ul>
         </header>
         <p>
-          There is widespread mention in the media of a security vulnerability
-          in PostgreSQL, registered as <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-9193" target="_blank">CVE-2019-9193</a>.
-          The PostgreSQL Security Team would like to emphasize that this is <strong>not
-          a security vulnerability</strong>.
+          The <a href="/about/policies/coc_committee/">PostgreSQL Code of Conduct Committee</a>
+          has delivered their <a href="/about/policies/coc/reports/2018/">2018 Annual Report</a>
+          summarizing the types of complaints received and actions taken since
+          the <a href="/about/policies/coc/">Code of Conduct</a> took effect in 2018
+          through the end of the year. All complaints and actions are anonymized
+          to protect the identities of all parties involved.
         </p>
         <p>
-          The <a href="/docs/current/sql-copy.html">COPY .. PROGRAM</a> feature
-          explicitly states that it can only be executed by database users that
-          have been granted superuser privileges or the default role <code>pg_execute_server_program</code>.
-          By design, this feature allows one who is granted superuser or <code>pg_execute_server_program</code>
-          to perform actions as the operating system user the PostgreSQL server
-          runs under (normally "postgres"). The default roles <code>pg_read_server_files</code>
-          and <code>pg_write_server_files</code> that are mentioned in the CVE
-          do not grant permission for a database user to use COPY .. PROGRAM.
-        </p>
-        <p>
-          For more information, please read our full statement <a href="/about/news/1935/">here</a>.
         </p>
         <ul class="bold">
-          <li><a href="/about/news/1935/">Read the Full Statement</a></li>
+          <li><a href="/about/policies/coc/reports/2018/">2018 Code of Conduct Committee Annual Report</a></li>
+          <!-- <li><a href="/about/news/1936/">Read the Full Statement</a></li> -->
           <!-- <li><a href="/docs/11/release-11-2.html">Release Notes</a></li>
           <li><a href="/download/">Download</a></li> -->
         </ul>
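Review bot: the second paragraph is left as an empty `<p>` / `</p>` pair, because the context `<p>` after the new announcement text and the closing `</p>` before `<ul class="bold">` both stay while every line between them is removed; delete that pair too. The added `<!-- <li><a href="/about/news/1936/">Read the Full Statement</a></li> -->` is dead markup next to the already commented-out release notes and download items, so either enable it or drop it. With the featured post replaced, nothing in the visible markup links to the CVE-2019-9193 statement at /about/news/1935/ any more; if that statement should stay reachable from the front page, add it as a list item here.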
index 99ba1514dd741338575c067fbb6a1762f31b4034..87e53d9887a0ddaca993962d31be9d2d3a7320a0 100644 (file)
@@ -1 +1 @@
-4th April 2019: <a href="{{link_root}}/about/news/1935/">CVE-2019-9193: Not a Security Vulnerability</a>
+15th April 2019: <a href="{{link_root}}/about/news/1936/">PostgreSQL Code of Conduct Committee 2018 Annual Report</a>
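Review bot: the news id 1936 and the headline are hard-coded here and again in templates/index.html, and this line uses "15th April 2019" while the index template uses 2019-04-15, so the two copies have to be edited in lockstep on every announcement. Consider rendering both from a single source for the id, title and date. Since this file holds one line, the CVE-2019-9193 notice is dropped from the top bar entirely rather than kept alongside the new item; confirm that is intended.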