Posted to commits@unomi.apache.org by sh...@apache.org on 2021/04/28 07:43:07 UTC
svn commit: r1889256 - in /unomi/website: contribute-release-guide.html
documentation.html download.html index.html security/cve-2021-31164.txt
Author: shuber
Date: Wed Apr 28 07:43:06 2021
New Revision: 1889256
URL: http://svn.apache.org/viewvc?rev=1889256&view=rev
Log:
[scm-publish] Updating Unomi website
Added:
unomi/website/security/cve-2021-31164.txt
Modified:
unomi/website/contribute-release-guide.html
unomi/website/documentation.html
unomi/website/download.html
unomi/website/index.html
Modified: unomi/website/contribute-release-guide.html
URL: http://svn.apache.org/viewvc/unomi/website/contribute-release-guide.html?rev=1889256&r1=1889255&r2=1889256&view=diff
==============================================================================
--- unomi/website/contribute-release-guide.html (original)
+++ unomi/website/contribute-release-guide.html Wed Apr 28 07:43:06 2021
@@ -220,7 +220,7 @@ git checkout -b unomi-1.5.x
<pre class="alert alert-primary"><code>mvn clean install -DskipITs=true -DskipTests=true -P integration-tests,performance-tests,rat,apache-release,docker,\!run-tests</code></pre>
</li>
<li>Check that there are no JARs or ZIP files in the source code, you can do this by looking at the generated RAT report here :
- <pre class="alert alert-primary"><code>less target/unomi-root-1.5.5-SNAPSHOT.rat</code></pre>
+ <pre class="alert alert-primary"><code>less target/unomi-root-1.5.6-SNAPSHOT.rat</code></pre>
</li>
<li>Check that the KEYS file only contains signatures with @apache.org addresses (if there are non @apache.org don???t remove them because they have
been used to sign older releases)
@@ -245,16 +245,18 @@ gpg: signing failed: Inappropriate ioctl
<a href="https://www.apache.org/dev/publishing-maven-artifacts.html" target="_blank">https://www.apache.org/dev/publishing-maven-artifacts.html</a> and <a href="https://maven.apache.org/guides/mini/guide-encryption.html#How_to_encrypt_server_passwords" target="_blank">https://maven.apache.org/guides/mini/guide-encryption.html#How_to_encrypt_server_passwords</a>
</li>
<li>Check into the target directory and unzip the source release and compile it using:
- <pre class="alert alert-primary"><code>cd target
-gpg --verify unomi-root-1.5.5-SNAPSHOT-source-release.zip.asc unomi-root-1.5.5-SNAPSHOT-source-release.zip
-shasum -a 512 unomi-root-1.5.5-SNAPSHOT-source-release.zip
-cat unomi-root-1.5.5-SNAPSHOT-source-release.zip.sha512
-unzip unomi-root-1.5.5-SNAPSHOT-source-release.zip
-cd unomi-root-1.5.5-SNAPSHOT
-mvn clean install</code></pre>
+ <pre class="alert alert-primary"><code>pushd
+cd target
+gpg --verify unomi-root-1.5.6-SNAPSHOT-source-release.zip.asc unomi-root-1.5.6-SNAPSHOT-source-release.zip
+shasum -a 512 unomi-root-1.5.6-SNAPSHOT-source-release.zip
+cat unomi-root-1.5.6-SNAPSHOT-source-release.zip.sha512
+unzip unomi-root-1.5.6-SNAPSHOT-source-release.zip
+cd unomi-root-1.5.6-SNAPSHOT
+mvn clean install
+popd</code></pre>
to check that the packaged source build properly
</li>
- <li>Go back to the root project directory and run:
+ <li>Go back to the root project directory (pushd/popd did that for you normally) and run:
<pre class="alert alert-primary"><code>mvn release:prepare -DskipITs=true -DskipTests=true -Darguments="-DskipITs=true -DskipTests=true" -DdryRun=true -P apache-release,integration-tests,performance-tests,docker,\!run-tests</code></pre>
</li>
<li>Publish a snapshot to test the deployment passwords:
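Review bot: the added `pushd` on the first line of the verification block has no argument, so it does not record the project root. In bash a bare `pushd` swaps the top two directory-stack entries and fails when the stack holds only the current directory, and the closing `popd` then has nothing to return to. Replace the `pushd` / `cd target` pair with `pushd target` so that `popd` lands back in the root, which is what the reworded next step ("pushd/popd did that for you normally") relies on.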
@@ -272,7 +274,7 @@ mvn clean install</code></pre>
<li>If something fails, make sure you first drop the staging repository created here: <a href="https://repository.apache.org/#stagingRepositories" target="_blank">https://repository.apache.org/#stagingRepositories</a>.<br>
If you need to relaunch the <code>release:perform</code> and don???t have a release.properties, create a <code>release.properties</code> file with the following contents:
<pre class="alert alert-primary"><code>scm.url=scm:git:https://gitbox.apache.org/repos/asf?p=unomi.git
-scm.tag=unomi-root-1.5.5
+scm.tag=unomi-root-1.5.6
and run mvn release:perform</code></pre>
</li>
<li>Make sure you uploaded your public PGP key using:
@@ -280,7 +282,7 @@ and run mvn release:perform</code></pre>
</li>
<li>Connect to <a href="https://repository.apache.org/#stagingRepositories" target="_blank">https://repository.apache
.org/#stagingRepositories</a> and look for the open staging repositories, you should have two (one for everything and the other for KAR/features) for releases <= 1.2 and just one for versions >= 1.3.0 (because of changes in the Karaf plugins). Close the repositories and given a meaningful comment when closing such as:<br>
- <strong>Apache Unomi 1.5.5 Release Candidate 1</strong>
+ <strong>Apache Unomi 1.5.6 Release Candidate 1</strong>
</li>
</ol>
@@ -291,48 +293,55 @@ and run mvn release:perform</code></pre>
</li>
<li>
<pre class="alert alert-primary"><code>cd unomi-dev
-mkdir 1.5.5</code></pre>
+mkdir 1.5.6</code></pre>
</li>
<li>
Copy all the Zip and Tarbars including ASC (but do not copy the SHA1 or MD5 sum) files from:
- <a href="https://repository.apache.org/content/repositories/orgapacheunomi-1014/org/apache/unomi/unomi/1.5.5/" target="_blank">https://repository.apache.org/content/repositories/orgapacheunomi-1014/org/apache/unomi/unomi/1.5.5/</a>
+ <a href="https://repository.apache.org/content/repositories/orgapacheunomi-1014/org/apache/unomi/unomi/1.5.6/" target="_blank">https://repository.apache.org/content/repositories/orgapacheunomi-1014/org/apache/unomi/unomi/1.5.6/</a>
and
- <a href="https://repository.apache.org/content/repositories/orgapacheunomi-1014/org/apache/unomi/unomi-root/1.5.5/" target="_blank">https://repository.apache.org/content/repositories/orgapacheunomi-1014/org/apache/unomi/unomi-root/1.5.5/</a>
+ <a href="https://repository.apache.org/content/repositories/orgapacheunomi-1014/org/apache/unomi/unomi-root/1.5.6/" target="_blank">https://repository.apache.org/content/repositories/orgapacheunomi-1014/org/apache/unomi/unomi-root/1.5.6/</a>
+ using commands such as : <pre class="alert alert-primary"><code>wget https://repository.apache.org/content/repositories/orgapacheunomi-1030/org/apache/unomi/unomi-root/1.5.6/unomi-root-1.5.6-source-release.zip
+wget https://repository.apache.org/content/repositories/orgapacheunomi-1030/org/apache/unomi/unomi-root/1.5.6/unomi-root-1.5.6-source-release.zip.asc
+wget https://repository.apache.org/content/repositories/orgapacheunomi-1030/org/apache/unomi/unomi/1.5.6/unomi-1.5.6.tar.gz
+wget https://repository.apache.org/content/repositories/orgapacheunomi-1030/org/apache/unomi/unomi/1.5.6/unomi-1.5.6.tar.gz.asc
+wget https://repository.apache.org/content/repositories/orgapacheunomi-1030/org/apache/unomi/unomi/1.5.6/unomi-1.5.6.zip
+wget https://repository.apache.org/content/repositories/orgapacheunomi-1030/org/apache/unomi/unomi/1.5.6/unomi-1.5.6.zip.asc</code></pre>
+
</li>
<li>
Rename the source and binary files to something shorter and consistent with previous releases and generate
the SHA 512 checksum manually:
<pre class="alert alert-primary"><code>
-mv unomi-root-1.5.5-source-release.zip unomi-1.5.5-src.zip
-mv unomi-root-1.5.5-source-release.zip.asc unomi-1.5.5-src.zip.asc
-shasum -a 512 unomi-1.5.5-src.zip > unomi-1.5.5-src.zip.sha512
-
-mv unomi-1.5.5.zip unomi-1.5.5-bin.zip
-mv unomi-1.5.5.zip.asc unomi-1.5.5-bin.zip.asc
-shasum -a 512 unomi-1.5.5-bin.zip > unomi-1.5.5-bin.zip.sha512
-
-mv unomi-1.5.5.tar.gz unomi-1.5.5-bin.tar.gz
-mv unomi-1.5.5.tar.gz.asc unomi-1.5.5-bin.tar.gz.asc
-shasum -a 512 unomi-1.5.5-bin.tar.gz > unomi-1.5.5-bin.tar.gz.sha512
+mv unomi-root-1.5.6-source-release.zip unomi-1.5.6-src.zip
+mv unomi-root-1.5.6-source-release.zip.asc unomi-1.5.6-src.zip.asc
+shasum -a 512 unomi-1.5.6-src.zip > unomi-1.5.6-src.zip.sha512
+
+mv unomi-1.5.6.zip unomi-1.5.6-bin.zip
+mv unomi-1.5.6.zip.asc unomi-1.5.6-bin.zip.asc
+shasum -a 512 unomi-1.5.6-bin.zip > unomi-1.5.6-bin.zip.sha512
+
+mv unomi-1.5.6.tar.gz unomi-1.5.6-bin.tar.gz
+mv unomi-1.5.6.tar.gz.asc unomi-1.5.6-bin.tar.gz.asc
+shasum -a 512 unomi-1.5.6-bin.tar.gz > unomi-1.5.6-bin.tar.gz.sha512
</code></pre>
</li>
<li>
<pre class="alert alert-primary"><code>cd ..
-svn add 1.5.5</code></pre>
+svn add 1.5.6</code></pre>
</li>
<li>
If needed, update the KEYS file (that is in the svn checkout <code>https://dist.apache.org/repos/dist/release/unomi</code>)
</li>
<li>
- <pre class="alert alert-primary"><code>svn commit -m "Apache 1.5.5 Release (for PMC voting)"</code></pre>
+ <pre class="alert alert-primary"><code>svn commit -m "Apache 1.5.6 Release (for PMC voting)"</code></pre>
</li>
<li>Send out to the Unomi mailing list a mail to start the voting process, see <a href="#mail-1">[1]</a></li>
<li>If the vote is refused or cancelled, peform the following steps to restart the release process:
<ol>
<li>Drop the release in <a href="https://repository.apache.org/#stagingRepositories" target="_blank">Nexus</a></li>
<li>Remove the tag in Git:
- <pre class="alert alert-primary"><code>git push --delete origin unomi-root-1.5.5
-git tag -d unomi-root-1.5.5</code></pre>
+ <pre class="alert alert-primary"><code>git push --delete origin unomi-root-1.5.6
+git tag -d unomi-root-1.5.6</code></pre>
</li>
<li>Correct any problems in the source, make sure to do them in master and cherry-pick them to the relevant branches</li>
<li>Reset all versions with the following command:
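Review bot: the new `wget` block feeds straight into the rename and `shasum -a 512 ... > ...sha512` step, with no `gpg --verify` of the downloaded artifacts against their `.asc` files in between, so a truncated or altered download would get a freshly generated checksum that matches it. Add a verification line per artifact before the checksums are produced. The `wget` URLs also use staging repository `orgapacheunomi-1030` while the two links just above them in the same list item use `orgapacheunomi-1014`; use one clearly marked placeholder id in both places and state that it must be replaced with the id of the repository that was just closed.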
@@ -355,7 +364,7 @@ git tag -d unomi-root-1.5.5</code></pre>
<ol>
<li>
Move the files uploaded to the unomi-dev repository to the unomi-release repository by doing the following:
- <pre class="alert alert-primary"><code>svn mv https://dist.apache.org/repos/dist/dev/unomi/1.5.5 https://dist.apache.org/repos/dist/release/unomi/1.5.5 -m "Apache Unomi 1.5.5 Release"</code></pre>
+ <pre class="alert alert-primary"><code>svn mv https://dist.apache.org/repos/dist/dev/unomi/1.5.6 https://dist.apache.org/repos/dist/release/unomi/1.5.6 -m "Apache Unomi 1.5.6 Release"</code></pre>
</li>
<li>
Update Jenkins
@@ -391,7 +400,7 @@ mvn install scm-publish:publish-scm -Dus
</li>
<li>
Then make sure to commit all the changes to the web site's git project:
- <pre class="alert alert-primary"><code>git commit -m "Apache Unomi 1.5.5 Release website update"</code></pre>
+ <pre class="alert alert-primary"><code>git commit -m "Apache Unomi 1.5.6 Release website update"</code></pre>
</li>
</ol>
@@ -409,14 +418,14 @@ mvn install scm-publish:publish-scm -Dus
You will now need to publish the new version of the manual as downloadable resources
<pre class="alert alert-primary"><code>cd manual
cd target
-svn co https://dist.apache.org/repos/dist/release/unomi/1.5.5
-mv unomi-manual-1_5_x.pdf 1.5.5
-mv unomi-manual-1_5_x.pdf.asc 1.5.5
-mv unomi-manual-1_5_x.zip 1.5.5
-mv unomi-manual-1_5_x.pdf.sha512 1.5.5
-mv unomi-manual-1_5_x.zip.asc 1.5.5
-mv unomi-manual-1_5_x.zip.sha512 1.5.5
-cd 1.5.5
+svn co https://dist.apache.org/repos/dist/release/unomi/1.5.6
+mv unomi-manual-1_5_x.pdf 1.5.6
+mv unomi-manual-1_5_x.pdf.asc 1.5.6
+mv unomi-manual-1_5_x.zip 1.5.6
+mv unomi-manual-1_5_x.pdf.sha512 1.5.6
+mv unomi-manual-1_5_x.zip.asc 1.5.6
+mv unomi-manual-1_5_x.zip.sha512 1.5.6
+cd 1.5.6
svn add unomi-manual*
svn commit -m "Update Unomi manual packages"</code></pre>
</li>
@@ -427,7 +436,7 @@ svn commit -m "Update Unomi manual packa
<ol>
<li>
Checkout the tagged version:
- <pre class="alert alert-primary"><code>git checkout tags/unomi-root-1.5.5</code></pre>
+ <pre class="alert alert-primary"><code>git checkout tags/unomi-root-1.5.6</code></pre>
</li>
<li>
Change to the Docker directory. Make sure you have docker running locally (start Docker Desktop for
@@ -445,8 +454,8 @@ mvn docker:push</code></pre>
<h3 id="rollback">Rollback</h3>
<ol>
<li>Delete the tag:
- <pre class="alert alert-primary"><code>git push --delete origin unomi-root-1.5.5
-git tag --delete unomi-root-1.5.5</code></pre>
+ <pre class="alert alert-primary"><code>git push --delete origin unomi-root-1.5.6
+git tag --delete unomi-root-1.5.6</code></pre>
</li>
<li>Reset to the previous commit before the release preparation:
<pre class="alert alert-primary"><code>git reset --hard c65f9897ec5f31d9d22ad639738c7db9d109aa77
@@ -465,7 +474,14 @@ git push origin -f</code></pre>
<p>Tweet, post on Facebook, LinkedIn, and other platforms. Ask other contributors to do the same.</p>
- <!--<p>Also, update <a target="_blank" href="https://en.wikipedia.org/wiki/Apache_Unomi">the Wikipedia article on Apache Unomi</a>.</p>-->
+ <h3 id="remove-old-releases">Remove old releases</h3>
+
+ <p>
+ In order to lighten the load on mirrors, remove old releases from the dist server once the new release
+ has properly been deployed to all the mirrors. Old releases are automatically archived so they are
+ not needed on the mirrors anymore. Just make sure that all the links in the download page do point
+ to the archive server.
+ </p>
<h3 id="checklist-to-declare-the-process-completed">Checklist to declare the process completed</h3>
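Review bot: the new "Remove old releases" paragraph names neither the location nor the command, and it puts the link check after the removal. State the path explicitly (the guide's own `svn mv` step publishes to `https://dist.apache.org/repos/dist/release/unomi/`), say that the removal is an svn operation on that directory, and reorder the text so the download page links are switched to the archive server before the old release directory is deleted, otherwise the PGP and SHA512 links for the previous release break in the interval.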
@@ -474,7 +490,7 @@ git push origin -f</code></pre>
<li>Release recorded in reporter.apache.org.</li>
<li>Release announced on social media.</li>
<li>Completion declared on the dev@ mailing list.</li>
- <!--<li>Update Wikipedia Apache Unomi article.</li>-->
+ <li>Check that old release where removed from the dist server</li>
</ol>
<h2 id="improve-the-process">Improve the process</h2>
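Review bot: the added checklist item has a typo and a number mismatch, "old release where removed" should read "old releases were removed". It also lacks the trailing full stop that the three existing items above it carry.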
@@ -489,11 +505,11 @@ git push origin -f</code></pre>
<h6 id="mail-1" class="pt-3">[1] Mail template for the Unomi PMC vote:</h6>
<pre class="alert alert-primary"><code>
-Subject: [VOTE] Apache Unomi 1.5.5 release [TAKE2]
+Subject: [VOTE] Apache Unomi 1.5.6 release [TAKE2]
Body:
Hi all,
-I submit Apache Unomi 1.5.5 release [TAKE2] to your vote.
+I submit Apache Unomi 1.5.6 release [TAKE2] to your vote.
The following corrections were done since TAKE 1:
NOTICE year (2016) has been updated to 2018
@@ -507,18 +523,18 @@ Staging Repository:
You can find the sources here :
*https://repository.apache.org/content/repositories/orgapacheunomi-1021/org/apache/
-unomi/unomi-root/1.5.5/unomi-root-1.5.5-source-release.zip
+unomi/unomi-root/1.5.6/unomi-root-1.5.6-source-release.zip
<https://repository.apache.org/content/repositories/orgapacheunomi-1021/org/apache/
-unomi/unomi-root/1.5.5/unomi-root-1.5.5-source-release.zip>*
+unomi/unomi-root/1.5.6/unomi-root-1.5.6-source-release.zip>*
Convenience binaries are also available here:
*https://repository.apache.org/content/repositories/orgapacheunomi-1021/org/apache/
-unomi/unomi/1.5.5/
+unomi/unomi/1.5.6/
<https://repository.apache.org/content/repositories/orgapacheunomi-1021/org/apache/
-unomi/unomi/1.5.5/>*
+unomi/unomi/1.5.6/>*
Git tag:
-unomi-root-1.5.5
+unomi-root-1.5.6
Release Notes:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12319220&
@@ -540,7 +556,7 @@ Regards
<h6 id="mail-2" class="pt-3">[2] Mail template for the results of the Unomi PMC vote:</h6>
<pre class="alert alert-primary"><code>
-Subject: [RESULT][VOTE] Apache Unomi 1.5.5 release [TAKE2]
+Subject: [RESULT][VOTE] Apache Unomi 1.5.6 release [TAKE2]
Body:
Hi,
@@ -560,7 +576,7 @@ John Doe 5
No 0 or -1.
-The proposal to release Unomi 1.5.5 is approved by the team.
+The proposal to release Unomi 1.5.6 is approved by the team.
Thanks,
John Doe 1
@@ -568,10 +584,10 @@ John Doe 1
<h6 id="mail-3" class="pt-3">[3] Announce mailing list template:</h6>
<pre class="alert alert-primary"><code>
-Subject : [ANNOUNCE] Apache Unomi 1.5.5 Release
+Subject : [ANNOUNCE] Apache Unomi 1.5.6 Release
Body:
The Apache Unomi team would like to announce the release of Apache
-Unomi 1.5.5.
+Unomi 1.5.6.
Release notes are here:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12319220&
@@ -585,10 +601,10 @@ More details regarding Apache Unomi can
http://unomi.apache.org/
The release artifacts can be downloaded here:
-https://dist.apache.org/repos/dist/release/incubator/unomi/1.5.5/
+https://dist.apache.org/repos/dist/release/incubator/unomi/1.5.6/
All JIRAs completed for this release are tagged with 'FixVersion =
-1.5.5'; the JIRA release notes can be found here:
+1.5.6'; the JIRA release notes can be found here:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12319220&
version=12338361
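Review bot: the changed download line in the announce template still points at `https://dist.apache.org/repos/dist/release/incubator/unomi/1.5.6/`, while the `svn mv` and `svn co` steps earlier in this same guide publish to `https://dist.apache.org/repos/dist/release/unomi/1.5.6`. Since the line is being touched anyway, drop the `incubator/` segment so the announcement does not send users to a path the release procedure never populates.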
Modified: unomi/website/documentation.html
URL: http://svn.apache.org/viewvc/unomi/website/documentation.html?rev=1889256&r1=1889255&r2=1889256&view=diff
==============================================================================
--- unomi/website/documentation.html (original)
+++ unomi/website/documentation.html Wed Apr 28 07:43:06 2021
@@ -89,8 +89,8 @@
<div class="card flex-md-row mb-4 box-shadow h-md-250">
<div class="card-body d-flex flex-column align-items-start">
<strong class="d-inline-block mb-2 text-success"><i class="fas fa-circle"></i> Stable</strong>
- <h3 class="mb-0 text-dark">Unomi <span class="text-muted">1.5.4</span></h3>
- <div class="mb-1 text-muted">Last update: November 23rd, 2020</div>
+ <h3 class="mb-0 text-dark">Unomi <span class="text-muted">1.5.5</span></h3>
+ <div class="mb-1 text-muted">Last update: April 27th, 2021</div>
<p class="card-text">
<a href="manual/1_5_x/index.html">online</a><br>
<a target="_blank" href="https://dist.apache.org/repos/dist/release/unomi/1.5.4/unomi-manual-1_5_x.zip">html (zipped)</a>
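Review bot: the card heading and date are bumped to 1.5.5, but the unchanged "html (zipped)" link on the last context line still targets `release/unomi/1.5.4/unomi-manual-1_5_x.zip`. The release guide updated in this same commit tells the release manager to remove old releases from the dist server, at which point this link will break; update it to the 1.5.5 directory in the same change, along with any sibling manual links that follow outside the visible context.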
@@ -365,13 +365,14 @@
<div class="col">
<h2 class="pb-3 mb-3 border-bottom">Security Advisories</h2>
<p>
- CVE-2020-11975 : Remote Code Execution in Apache Unomi
+ <a href="security/cve-2020-11975.txt">CVE-2020-11975</a> : Remote Code Execution in Apache Unomi
</p>
- <a class="btn btn-outline-primary" href="security/cve-2020-11975.txt">Notes</a>
<p>
- CVE-2020-13942 : Remote Code Execution in Apache Unomi
+ <a href="security/cve-2020-13942.txt">CVE-2020-13942</a> : Remote Code Execution in Apache Unomi
+ </p>
+ <p>
+ <a href="security/cve-2021-31164.txt">CVE-2021-31164</a> : CRLF Log injection in Apache Unomi
</p>
- <a class="btn btn-outline-primary" href="security/cve-2020-13942.txt">Notes</a>
</div>
</div>
Modified: unomi/website/download.html
URL: http://svn.apache.org/viewvc/unomi/website/download.html?rev=1889256&r1=1889255&r2=1889256&view=diff
==============================================================================
--- unomi/website/download.html (original)
+++ unomi/website/download.html Wed Apr 28 07:43:06 2021
@@ -87,22 +87,22 @@
<div class="card flex-md-row mb-2 box-shadow h-md-250">
<div class="card-body d-flex flex-column align-items-start">
<strong class="d-inline-block mb-2 text-success"><i class="fas fa-circle"></i> Latest release</strong>
- <h3 class="mb-0 text-dark">Unomi <span class="text-muted">1.5.4</span></h3>
- <div class="mb-1 text-muted">November 23rd, 2020</div>
+ <h3 class="mb-0 text-dark">Unomi <span class="text-muted">1.5.5</span></h3>
+ <div class="mb-1 text-muted">April 27th, 2021</div>
<p class="card-text mb-auto">
Binary Distribution :
- <a target="_blank" href="https://www.apache.org/dyn/closer.lua/unomi/1.5.4/unomi-1.5.4-bin.tar.gz">tar.gz</a>
- [<a target="_blank" href="https://www.apache.org/dist/unomi/1.5.4/unomi-1.5.4-bin.tar.gz.asc">PGP</a>]
- [<a target="_blank" href="https://www.apache.org/dist/unomi/1.5.4/unomi-1.5.4-bin.tar.gz.sha512">SHA512</a>] -
- <a target="_blank" href="https://www.apache.org/dyn/closer.lua/unomi/1.5.4/unomi-1.5.4-bin.zip">zip</a>
- [<a target="_blank" href="https://www.apache.org/dist/unomi/1.5.4/unomi-1.5.4-bin.zip.asc">PGP</a>]
- [<a target="_blank" href="https://www.apache.org/dist/unomi/1.5.4/unomi-1.5.4-bin.zip.sha512">SHA512</a>]
+ <a target="_blank" href="https://www.apache.org/dyn/closer.lua/unomi/1.5.5/unomi-1.5.5-bin.tar.gz">tar.gz</a>
+ [<a target="_blank" href="https://www.apache.org/dist/unomi/1.5.5/unomi-1.5.5-bin.tar.gz.asc">PGP</a>]
+ [<a target="_blank" href="https://www.apache.org/dist/unomi/1.5.5/unomi-1.5.5-bin.tar.gz.sha512">SHA512</a>] -
+ <a target="_blank" href="https://www.apache.org/dyn/closer.lua/unomi/1.5.5/unomi-1.5.5-bin.zip">zip</a>
+ [<a target="_blank" href="https://www.apache.org/dist/unomi/1.5.5/unomi-1.5.5-bin.zip.asc">PGP</a>]
+ [<a target="_blank" href="https://www.apache.org/dist/unomi/1.5.5/unomi-1.5.5-bin.zip.sha512">SHA512</a>]
</p>
<p class="card-text mb-auto">
Source Distribution :
- <a target="_blank" href="https://www.apache.org/dyn/closer.lua/unomi/1.5.4/unomi-1.5.4-src.zip">zip</a>
- [<a target="_blank" href="https://www.apache.org/dist/unomi/1.5.4/unomi-1.5.4-src.zip.asc">PGP</a>]
- [<a target="_blank" href="https://www.apache.org/dist/unomi/1.5.4/unomi-1.5.4-src.zip.sha512">SHA512</a>]
+ <a target="_blank" href="https://www.apache.org/dyn/closer.lua/unomi/1.5.5/unomi-1.5.5-src.zip">zip</a>
+ [<a target="_blank" href="https://www.apache.org/dist/unomi/1.5.5/unomi-1.5.5-src.zip.asc">PGP</a>]
+ [<a target="_blank" href="https://www.apache.org/dist/unomi/1.5.5/unomi-1.5.5-src.zip.sha512">SHA512</a>]
</p>
<a class="btn btn-outline-dark mt-3" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12319220&version=12349372" role="button" target="_blank">Release notes »</a>
</div>
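Review bot: the "Release notes" button at the end of the 1.5.5 card is left unchanged with `version=12349372`, and the 1.5.4 row added to the archive table later in this file uses that same `version=12349372` for its release notes. One of the two is pointing at the wrong JIRA version; update the 1.5.5 card to the id of the 1.5.5 release so users looking for what the security release changed land on the right notes.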
@@ -136,7 +136,7 @@
</code>
<br>
<code>
- % gpg --verify unomi-1.5.4-bin.tar.gz.asc unomi-1.5.4-bin.tar.gz
+ % gpg --verify unomi-1.5.5-bin.tar.gz.asc unomi-1.5.5-bin.tar.gz
</code>
</p>
</div>
@@ -160,6 +160,33 @@
</thead>
<tbody>
<tr>
+ <td>1.5.4</td>
+ <td><a target="_blank"
+ href="https://archive.apache.org/dist/unomi/1.5.4/unomi-1.5.4-bin.tar.gz">tar.gz</a>
+ [<a target="_blank"
+ href="https://archive.apache.org/dist/unomi/1.5.4/unomi-1.5.4-bin.tar.gz.asc">PGP</a>]
+ [<a target="_blank"
+ href="https://archive.apache.org/dist/unomi/1.5.4/unomi-1.5.4-bin.tar.gz.sha512">SHA512</a>]<br>
+ <a target="_blank"
+ href="https://archive.apache.org/dist/unomi/1.5.4/unomi-1.5.4-bin.zip">zip</a>
+ [<a target="_blank"
+ href="https://archive.apache.org/dist/unomi/1.5.4/unomi-1.5.4-bin.zip.asc">PGP</a>]
+ [<a target="_blank"
+ href="https://archive.apache.org/dist/unomi/1.5.4/unomi-1.5.4-bin.zip.sha512">SHA512</a>]
+ </td>
+ <td>
+ <a target="_blank"
+ href="https://archive.apache.org/dist/unomi/1.5.4/unomi-1.5.4-src.zip">zip</a>
+ [<a target="_blank"
+ href="http://archive.apache.org/dist/unomi/1.5.4/unomi-1.5.4-src.zip.asc">PGP</a>]
+ [<a target="_blank"
+ href="https://archive.apache.org/dist/unomi/1.5.4/unomi-1.5.4-src.zip.sha1">SHA512</a>]
+ </td>
+ <td><a target="_blank"
+ href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12319220&version=12349372">Release
+ Notes</a></td>
+ </tr>
+ <tr>
<td>1.5.3</td>
<td><a target="_blank"
href="https://archive.apache.org/dist/unomi/1.5.3/unomi-1.5.3-bin.tar.gz">tar.gz</a>
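Review bot: in the source-distribution cell of the new 1.5.4 row, the PGP link is the only one in the row that uses `http://archive.apache.org/...` rather than `https://`, and the link labelled SHA512 targets `unomi-1.5.4-src.zip.sha1`. Switch the signature link to `https://` so it is fetched over the same protected channel as the artifact, and point the checksum link at the `.sha512` file so the label, the file and the `shasum -a 512` instructions elsewhere on the site agree.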
Modified: unomi/website/index.html
URL: http://svn.apache.org/viewvc/unomi/website/index.html?rev=1889256&r1=1889255&r2=1889256&view=diff
==============================================================================
--- unomi/website/index.html (original)
+++ unomi/website/index.html Wed Apr 28 07:43:06 2021
@@ -258,6 +258,7 @@
<div class="col-md-12">
<h2 class="featurette-heading">News</h2>
<ul>
+ <li>2021-04-27 Released version 1.5.5</li>
<li>2020-11-23 Released version 1.5.4</li>
<li>2020-11-21 Released version 1.5.3</li>
<li>2020-11-01 Released version 1.5.2</li>
Added: unomi/website/security/cve-2021-31164.txt
URL: http://svn.apache.org/viewvc/unomi/website/security/cve-2021-31164.txt?rev=1889256&view=auto
==============================================================================
--- unomi/website/security/cve-2021-31164.txt (added)
+++ unomi/website/security/cve-2021-31164.txt Wed Apr 28 07:43:06 2021
@@ -0,0 +1,42 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+CVE-2021-31164: CRLF Log injection in Apache Unomi
+
+Severity: Medium
+
+Vendor: The Apache Software Foundation
+
+Versions Affected:
+
+This vulnerability affects all versions of Apache Unomi prior to 1.5.5
+
+Description:
+
+Apache Unomi allows CRLF log injection because of lack of escaping in the log statements.
+
+This has been fixed in revision:
+
+https://github.com/apache/unomi/commit/1c088702511ef44a056244cb968682daf8f21946
+
+Migration:
+
+Apache Unomi users should upgrade to 1.5.5 or later.
+
+Credit: This issue was reported by Christos - Minas Mathas
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEFt9+Vnc4Fy+UXwQCfBnR+70asd8FAmCIDQQACgkQfBnR+70a
+sd/GWhAAvWvLtZ2//ZBK6CVvlYB6/eZgFISifAcDCm/551tTIA2q8F6rifM7NWEb
+e07ntX+LxTrbB0ZEmwwLUjUo4KK5LhtjZafE/7Xwj4U0Lo06WiHdH9jsZwNCO+ao
+ikI7tgvdDCbky+xd2mA/f8r0EuQYEKbM+S9S5Qu6nKLivReJQ8Y6PCA3RNUmaiPt
+Ir/Y3WYaETt9c2XhH/OhV9uV1LJhmCU5tRF+9gLmad3nuVPYTMyE967t6t511vXt
+ESoAiRCnb4SCPbybpevhkjqL5wlhxqthswK/O6ZAPWLUhigE2iwv9CXTUQDSv9/I
+hotq3hkfka/PS51GQiVe4IsEyWMw1jW5uXAe+I1BURq7VKPhrhLtNm1qdouay9oN
+rR4QMJAXcHtN2rn3ZqZS+Ck9a/PwiMH3lp4FkI4tx69iG5Q8FPdmYZfLCfuNX0P/
+4YV7TpNFDN0SmE/VA9ms5BeB3ijGwgxkX4UtwahdnSggjBSfhVN/Mgf5CfqwX5Sb
+fA1kdeRQl3+S0tfIDIsvdV5d0uf+CjwGR4pzaNymhj4MJ3FAeWCj5XjDdcE/cLHN
+WuXCxDdMtDZayBP2e3/wssqeOPaNOWf0QWuFV/DV+CyDUkwKxWBtW50xHiJ0lwgI
+GmNbU7t853BWuBK4/nGWMe3lJq70FTfhZPW15qKYffJxIWrjTLk=
+=HiSw
+-----END PGP SIGNATURE-----
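Review bot: the heading "Migration:" above the upgrade instruction reads like a typo for "Mitigation:", and the description line gives operators nothing to search for, since it does not say which input reaches the log statements unescaped. If the heading is changed or the description is expanded to name the affected input and what an injected log line would look like, the whole message has to be clearsigned again, because any edit between the BEGIN PGP SIGNED MESSAGE and BEGIN PGP SIGNATURE markers invalidates the signature committed here.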