The httpd pages are a great example as they are automatically generated[1] from this JSON v5 data from vulnogram. The script however does need to know a little bit about the project in order to group things correctly (mostly how it does versioning, and some statements around non-issues/end of life releases).
So, without a huge amount of effort, we could create a security.apache.org site with auto-generated pages for all the ASF projects and their vulnerabilities, going back a couple of years at least.
(Probably just need a little extra metadata for some projects to help the version grouping work properly, or overide with their own manual lists if they prefer them)
It's often requested we have a central ASF list of the subproject pages covering vulnerability status (and thus EOL info too probably). Pages like:
https://httpd.apache.org/security/vulnerabilities_24.html https://logging.apache.org/log4j/2.x/security.html https://tomcat.apache.org/security.html
The httpd pages are a great example as they are automatically generated[1] from this JSON v5 data from vulnogram. The script however does need to know a little bit about the project in order to group things correctly (mostly how it does versioning, and some statements around non-issues/end of life releases).
So, without a huge amount of effort, we could create a security.apache.org site with auto-generated pages for all the ASF projects and their vulnerabilities, going back a couple of years at least.
(Probably just need a little extra metadata for some projects to help the version grouping work properly, or overide with their own manual lists if they prefer them)
[1] https://github.com/apache/httpd-site/tree/main/content/security