You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by gi...@apache.org on 2021/12/13 19:05:10 UTC
[directory-site] branch asf-site updated: Updated site from master (6f255f086c5a91e51add0a2c68c65013774e4832)
This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/directory-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 013e3e0 Updated site from master (6f255f086c5a91e51add0a2c68c65013774e4832)
013e3e0 is described below
commit 013e3e049864a7842caf14e1aebeee264ee78f7b
Author: jenkins <bu...@apache.org>
AuthorDate: Mon Dec 13 19:05:07 2021 +0000
Updated site from master (6f255f086c5a91e51add0a2c68c65013774e4832)
---
content/fortress/index.html | 15 ++++++++++-----
content/fortress/index.xml | 7 +++----
content/fortress/news.html | 15 ++++++++++-----
content/index.xml | 7 +++----
content/sitemap.xml | 4 ++--
5 files changed, 28 insertions(+), 20 deletions(-)
diff --git a/content/fortress/index.html b/content/fortress/index.html
index 9881db8..4aa9afc 100644
--- a/content/fortress/index.html
+++ b/content/fortress/index.html
@@ -150,11 +150,16 @@
<h1 id="fortress-news">Fortress News</h1>
<h2 class="news">Apache Fortress 2.0.7 Released <em>posted on Dec 12th, 2021</em></h2>
<p>The Apache Directory Project announces the release of Fortress - 2.0.7.</p>
-<p>This emergency release includes an upgrade to the latest Log4j library, v2.15.0. This is our response to <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228">CVE-2021-44228</a>.</p>
-<p>It also includes dependency upgrades for Web and Rest deployments to be up-to-date per the latest OWASP vulnerability scans and a couple of other bug fixes.</p>
-<p>If using Apache Fortress 2.0.6, in any of your deployments, it is highly recommended moving to this release. Or, following the other mitigation procedures surrounding this CVE.</p>
-<p>Previous version of Fortress, before 2.0.6, used Log4j v1, and aren’t impacted.</p>
-<p>Contact us on our mailing list if you have any questions.</p>
+<p>This emergency release includes an upgrade to the latest Log4j-core library. This is our response to <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228">CVE-2021-44228</a>.</p>
+<p>It also includes other dependency upgrades (to latest Spring Security, Apache CXF and Apache Wicket) for Web and Rest dependencies to be up-to-date per the latest OWASP vulnerability scans and a couple of other misc bug fixes.</p>
+<p>More info about the Log4Shell vulnerability and Apache Fortress:</p>
+<ul>
+<li>If using the Apache Fortress Core 2.0.6, no need to upgrade. It does pull in the Apache Log4j-core lib, but only as a test dependency.</li>
+<li>Dependent apps of the Apache Fortress Core 2.0.6 do not need to upgrade because it does not pull in the Log4j-core lib as a compile or runtime dependency.</li>
+<li>Apache Fortress 2.0.6 Web (Commander) and Rest (Enmasse) deployments are affected. Upgrade immediately, or follow the mitigation procedures as described by the Apache Log4J project.</li>
+<li>Previous versions of Apache Fortress, before 2.0.6, did not use Apache Log4j and aren’t affected.</li>
+<li>Contact us on our mailing list if you have any questions.</li>
+</ul>
<p>The Release notes:</p>
<ul>
<li><a href="https://issues.apache.org/jira/projects/FC/versions/12350941">Fortress 2.0.7 Release Notes</a></li>
diff --git a/content/fortress/index.xml b/content/fortress/index.xml
index a5c6d0c..75882b5 100644
--- a/content/fortress/index.xml
+++ b/content/fortress/index.xml
@@ -300,9 +300,8 @@ Issues, bugs, and feature requests should be submitted to the following issue tr
<guid>https://directory.apache.org/fortress/news.html</guid>
<description>Fortress News Apache Fortress 2.0.7 Released posted on Dec 12th, 2021 The Apache Directory Project announces the release of Fortress - 2.0.7.
-This emergency release includes an upgrade to the latest Log4j library, v2.15.0. This is our response to CVE-2021-44228.
-It also includes dependency upgrades for Web and Rest deployments to be up-to-date per the latest OWASP vulnerability scans and a couple of other bug fixes.
-If using Apache Fortress 2.</description>
+This emergency release includes an upgrade to the latest Log4j-core library. This is our response to CVE-2021-44228.
+It also includes other dependency upgrades (to latest Spring Security, Apache CXF and Apache Wicket) for Web and Rest dependencies to be up-to-date per the latest OWASP vulnerability scans and a couple of other misc bug fixes.</description>
</item>
<item>
@@ -843,7 +842,7 @@ Table of contents 1 - An Introduction to Role-Based Access Control ANSI INCITS
<guid>https://directory.apache.org/fortress/</guid>
<description>Apache Fortress&trade; Authorization SDK and Web Components A standards-based authorization platform, written in Java, supports ANSI INCITS 359 RBAC and more. Download Apache
Fortress 2.0.7 Fortress News Apache Fortress 2.0.7 Released posted on Dec 12th, 2021 The Apache Directory Project announces the release of Fortress - 2.0.7.
-This emergency release includes an upgrade to the latest Log4j library, v2.15.0. This is our response to CVE-2021-44228.</description>
+This emergency release includes an upgrade to the latest Log4j-core library. This is our response to CVE-2021-44228.</description>
</item>
</channel>
diff --git a/content/fortress/news.html b/content/fortress/news.html
index d3ba2f4..f6ded7f 100644
--- a/content/fortress/news.html
+++ b/content/fortress/news.html
@@ -132,11 +132,16 @@
<h1 id="fortress-news">Fortress News</h1>
<h2 class="news">Apache Fortress 2.0.7 Released <em>posted on Dec 12th, 2021</em></h2>
<p>The Apache Directory Project announces the release of Fortress - 2.0.7.</p>
-<p>This emergency release includes an upgrade to the latest Log4j library, v2.15.0. This is our response to <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228">CVE-2021-44228</a>.</p>
-<p>It also includes dependency upgrades for Web and Rest deployments to be up-to-date per the latest OWASP vulnerability scans and a couple of other bug fixes.</p>
-<p>If using Apache Fortress 2.0.6, in any of your deployments, it is highly recommended moving to this release. Or, following the other mitigation procedures surrounding this CVE.</p>
-<p>Previous version of Fortress, before 2.0.6, used Log4j v1, and aren’t impacted.</p>
-<p>Contact us on our mailing list if you have any questions.</p>
+<p>This emergency release includes an upgrade to the latest Log4j-core library. This is our response to <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228">CVE-2021-44228</a>.</p>
+<p>It also includes other dependency upgrades (to latest Spring Security, Apache CXF and Apache Wicket) for Web and Rest dependencies to be up-to-date per the latest OWASP vulnerability scans and a couple of other misc bug fixes.</p>
+<p>More info about the Log4Shell vulnerability and Apache Fortress:</p>
+<ul>
+<li>If using the Apache Fortress Core 2.0.6, no need to upgrade. It does pull in the Apache Log4j-core lib, but only as a test dependency.</li>
+<li>Dependent apps of the Apache Fortress Core 2.0.6 do not need to upgrade because it does not pull in the Log4j-core lib as a compile or runtime dependency.</li>
+<li>Apache Fortress 2.0.6 Web (Commander) and Rest (Enmasse) deployments are affected. Upgrade immediately, or follow the mitigation procedures as described by the Apache Log4J project.</li>
+<li>Previous versions of Apache Fortress, before 2.0.6, did not use Apache Log4j and aren’t affected.</li>
+<li>Contact us on our mailing list if you have any questions.</li>
+</ul>
<p>The Release notes:</p>
<ul>
<li><a href="https://issues.apache.org/jira/projects/FC/versions/12350941">Fortress 2.0.7 Release Notes</a></li>
diff --git a/content/index.xml b/content/index.xml
index 856caf1..6b96014 100644
--- a/content/index.xml
+++ b/content/index.xml
@@ -3898,9 +3898,8 @@ This is a schema aware API, with some convenient ways to access a LDAP server.</
<guid>https://directory.apache.org/fortress/news.html</guid>
<description>Fortress News Apache Fortress 2.0.7 Released posted on Dec 12th, 2021 The Apache Directory Project announces the release of Fortress - 2.0.7.
-This emergency release includes an upgrade to the latest Log4j library, v2.15.0. This is our response to CVE-2021-44228.
-It also includes dependency upgrades for Web and Rest deployments to be up-to-date per the latest OWASP vulnerability scans and a couple of other bug fixes.
-If using Apache Fortress 2.</description>
+This emergency release includes an upgrade to the latest Log4j-core library. This is our response to CVE-2021-44228.
+It also includes other dependency upgrades (to latest Spring Security, Apache CXF and Apache Wicket) for Web and Rest dependencies to be up-to-date per the latest OWASP vulnerability scans and a couple of other misc bug fixes.</description>
</item>
<item>
@@ -4745,7 +4744,7 @@ News </description>
<guid>https://directory.apache.org/fortress/</guid>
<description>Apache Fortress&trade; Authorization SDK and Web Components A standards-based authorization platform, written in Java, supports ANSI INCITS 359 RBAC and more. Download Apache
Fortress 2.0.7 Fortress News Apache Fortress 2.0.7 Released posted on Dec 12th, 2021 The Apache Directory Project announces the release of Fortress - 2.0.7.
-This emergency release includes an upgrade to the latest Log4j library, v2.15.0. This is our response to CVE-2021-44228.</description>
+This emergency release includes an upgrade to the latest Log4j-core library. This is our response to CVE-2021-44228.</description>
</item>
<item>
diff --git a/content/sitemap.xml b/content/sitemap.xml
index cdc7252..c9127bb 100644
--- a/content/sitemap.xml
+++ b/content/sitemap.xml
@@ -1789,7 +1789,7 @@
<url>
<loc>https://directory.apache.org/fortress.html</loc>
- <lastmod>2021-12-12T15:27:32-06:00</lastmod>
+ <lastmod>2021-12-13T13:03:06-06:00</lastmod>
</url>
<url>
@@ -1939,7 +1939,7 @@
<url>
<loc>https://directory.apache.org/fortress/news.html</loc>
- <lastmod>2021-12-12T15:27:32-06:00</lastmod>
+ <lastmod>2021-12-13T13:03:06-06:00</lastmod>
</url>
<url>