...
- Eclipse Jetty
- https://www.eclipse.org/jetty/
- Nice features
- Security Reports includes a table of all known CVEs affecting Jetty and the release in which the vulnerability was fixed: https://www.eclipse.org/jetty/security-reports.html
- Documentation contains a section on how to configure security in Jetty: https://www.eclipse.org/jetty/documentation/current/
- Authetication and Authorization
- Limiting Form Content
- Aliased Files and Symbolic Links
- Secure Password Obfuscation
- Setting Port 80 Access for a Non-Root User
- JAAS Support
- SPNEGO Support
- Session Management
- Logging
- Observation: Jetty is a very mature project and has put a lot of time and effort into their documentation
- Ubuntu
- Ubuntu Release Notes
- Lists updated packages
- Lists security improvements
- Lists known issues
- Includes instructions for reporting bugs
- Known vulnerabilities are reported at on the Ubuntu Security Notices page: https://usn.ubuntu.com/
- Ubuntu native security features are documented in the Ubuntu guides
- Example: Ubuntu Server Guide - Chapter 7, Chapter 9 (https://help.ubuntu.com/lts/serverguide/serverguide.pdf)
- Ubuntu Release Notes