Unverified commit 9977788d, authored by Ivan Blinkov, committed by GitHub

WIP on docs (#2819)

* Some improvements for introduction/performance.md

* Minor improvements for example_datasets

* Add website/package-lock.json to .gitignore

* YT paragraph was badly outdated and there is no real reason to write a new one

* Use weird introduction article as a starting point for F.A.Q.

* Some refactoring of first half of ya_metrika_task.md

* minor

* Weird docs footer bugfix

* Forgotten redirect

* h/v scrollbars same size in docs

* CLICKHOUSE-3831: introduce security changelog

* A bit more narrow tables on docs front page
Parent 8fde28de
......@@ -4,12 +4,12 @@ ClickHouse is a columnar database management system (DBMS) for online analytical
In a "normal" row-oriented DBMS, data is stored in this order:
| Row | WatchID | JavaEnable | Title | GoodEvent | EventTime |
| --- | ------------------- | ---------- | ------------------ | --------- | ------------------- |
| #0 | 5385521489354350662 | 1 | Investor Relations | 1 | 2016-05-18 05:19:20 |
| #1 | 5385521490329509958 | 0 | Contact us | 1 | 2016-05-18 08:10:20 |
| #2 | 5385521489953706054 | 1 | Mission | 1 | 2016-05-18 07:38:00 |
| #N | ... | ... | ... | ... | ... |
| Row | WatchID | JavaEnable | Title | GoodEvent | EventTime |
| --- | ----------- | ---------- | ------------------ | --------- | ------------------- |
| #0 | 89354350662 | 1 | Investor Relations | 1 | 2016-05-18 05:19:20 |
| #1 | 90329509958 | 0 | Contact us | 1 | 2016-05-18 08:10:20 |
| #2 | 89953706054 | 1 | Mission | 1 | 2016-05-18 07:38:00 |
| #N | ... | ... | ... | ... | ... |
In order words, all the values related to a row are physically stored next to each other.
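Review bot: The context line directly under the row-oriented table reads "In order words"; since this hunk already edits the table above it, correct it to "In other words" in the same change.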
......@@ -21,7 +21,7 @@ In a column-oriented DBMS, data is stored like this:
| Row: | #0 | #1 | #2 | #N |
| ----------- | ------------------- | ------------------- | ------------------- | ------------------- |
| WatchID: | 5385521489354350662 | 5385521490329509958 | 5385521489953706054 | ... |
| WatchID: | 89354350662 | 90329509958 | 89953706054 | ... |
| JavaEnable: | 1 | 0 | 1 | ... |
| Title: | Investor Relations | Contact us | Mission | ... |
| GoodEvent: | 1 | 1 | 1 | ... |
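Review bot: In the column-oriented table only the WatchID row was shortened; the separator row under "Row:" still carries the 19-dash columns sized for the old values, whereas the row-oriented table had its separator narrowed as well. Shorten that separator row too so the Markdown source stays aligned with the new values.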
......
## Fixed in ClickHouse release 1.1.54388, 2018-06-28
### CVE-2018-14668
"remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks.
Credits: Andrey Krasichkov of Yandex Information Security Team
## Fixed in ClickHouse release 1.1.54390, 2018-07-06
### CVE-2018-14669
ClickHouse MySQL client had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server.
Credits: Andrey Krasichkov and Evgeny Sidorov of Yandex Information Security Team
## Fixed in ClickHouse release 1.1.54131, 2017-01-10
### CVE-2018-14670
Incorrect configuration in deb package could lead to unauthorized use of the database.
Credits: the UK's National Cyber Security Centre (NCSC)
\ No newline at end of file
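Review bot: The sections are not in any consistent order: release 1.1.54131 (2017-01-10) comes after 1.1.54388 and 1.1.54390, so a reader scanning for the fixes relevant to their version has to read the whole file; sort by release date, newest first. The CVE-2018-14670 entry says only "Incorrect configuration in deb package" without naming the setting, so an operator cannot check an existing installation; name the configuration item and say whether upgrading the package is enough. The entries also do not state which versions are affected, only where the fix landed. Smaller points: "allowed a malicious MySQL database read arbitrary files" needs "to read", and the file should end with a newline.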
......@@ -115,3 +115,4 @@ table_functions/merge.md query_language/table_functions/merge.md
table_functions/numbers.md query_language/table_functions/numbers.md
table_functions/remote.md query_language/table_functions/remote.md
query_language/queries.md query_language.md
introduction/possible_silly_questions.md faq/general.md
## Исправлено в релизе 1.1.54388 от 28 июня 2018
### CVE-2018-14668
Табличная функция "remote" допускала произвольные символы в полях "user", "password" и "default_database", что позволяло производить атаки класса Cross Protocol Request Forgery.
Обнаружено благодаря: Андрею Красичкову из Службы Информационной Безопасности Яндекса
## Исправлено в релизе 1.1.54390 от 6 июля 2018
### CVE-2018-14669
В ClickHouse MySQL клиенте была включена функциональность "LOAD DATA LOCAL INFILE", что позволяло получать доступ на чтение к произвольным файлам на сервере, где запущен ClickHouse.
Обнаружено благодаря: Андрею Красичкову и Евгению Сидорову из Службы Информационной Безопасности Яндекса
## Исправлено в релизе 1.1.54131 от 10 января 2017
### CVE-2018-14670
Некоррректная конфигурация в deb пакете могла привести к неавторизованному доступу к базе данных.
Обнаружено благодаря: the UK's National Cyber Security Centre (NCSC)
\ No newline at end of file
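Review bot: The Russian CVE-2018-14669 entry drops the condition stated in the English file, that the files are read by a malicious MySQL database the ClickHouse client is connected to; as written it reads as plain arbitrary file read on the server. Bring the two texts in line so the precondition is the same in both languages. Also, "Некоррректная" has one "р" too many, the section order has the same problem as in the English file (1.1.54131 from 2017 is listed last), and the file lacks a trailing newline.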
......@@ -172,3 +172,4 @@ pages:
- 'Roadmap': 'roadmap.md'
- 'Changelog': 'changelog.md'
- 'Security changelog': 'security_changelog.md'
......@@ -178,3 +178,4 @@ pages:
- 'Roadmap': 'roadmap.md'
- 'Changelog': 'changelog.md'
- 'Security changelog': 'security_changelog.md'