Posted to commits@poi.apache.org by fa...@apache.org on 2021/01/13 23:29:33 UTC

svn commit: r1885455 - in /xmlbeans/site: build/site/index.html build/site/overview.html build/site/resources/index.html src/documentation/content/xdocs/index.xml

Author: fanningpj
Date: Wed Jan 13 23:29:33 2021
New Revision: 1885455

URL: http://svn.apache.org/viewvc?rev=1885455&view=rev
Log:
add cve to index.html

Modified:
    xmlbeans/site/build/site/index.html
    xmlbeans/site/build/site/overview.html
    xmlbeans/site/build/site/resources/index.html
    xmlbeans/site/src/documentation/content/xdocs/index.xml

Modified: xmlbeans/site/build/site/index.html
URL: http://svn.apache.org/viewvc/xmlbeans/site/build/site/index.html?rev=1885455&r1=1885454&r2=1885455&view=diff
==============================================================================
--- xmlbeans/site/build/site/index.html (original)
+++ xmlbeans/site/build/site/index.html Wed Jan 13 23:29:33 2021
@@ -188,7 +188,25 @@ document.write("Last Published: " + docu
                 or the XMLBeans documentation (the Documentation tab on this website).</p>
 </div>
 
- 		
+      
+<a name="CVE-2021-23926+-+XML+External+Entity+%28XXE%29+Processing+in+Apache+XMLBeans+versions+prior+to+3.0.0+%28January+13%2C+2021%29"></a>
+<h2 class="boxed">CVE-2021-23926 - XML External Entity (XXE) Processing in Apache XMLBeans versions prior to 3.0.0 (January 13, 2021)</h2>
+<div class="section">
+<p>Description:<br>
+          When parsing XML files using XMLBeans 2.6.0 or below, the underlying parser
+          created by XMLBeans could be susceptible to XML External Entity (XXE) attacks.</p>
+<p>This issue was fixed a few years ago but on review, we decided we should have a CVE
+          to raise awareness of the issue.</p>
+<p>Mitigation:<br>
+          Affected users are advised to update to Apache XMLBeans 3.0.0 or above
+          which fixes this vulnerability. XMLBeans 4.0.0 or above is preferable.</p>
+<p>References:
+          <a href="https://en.wikipedia.org/wiki/XML_external_entity_attack">XML external entity attack</a>
+        
+</p>
+</div>
+
+        
 <a name="Release%3A+Apache+XMLBeans+4.0.0+%28October+16%2C+2020%29"></a>
 <h2 class="boxed">Release: Apache XMLBeans 4.0.0 (October 16, 2020)</h2>
 <div class="section">
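
Review bot: the new anchor name on the added `<a name="CVE-2021-23926+-+XML+External+Entity+...">` line appears to be derived from the full heading text, so any later edit to the title (a corrected version range or date, for instance) changes the fragment and breaks links to this advisory. If the site generator allows an explicit id on the section, a short fixed one based on the CVE id alone would be a more stable target for announcements to link to.
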
@@ -204,7 +222,7 @@ document.write("Last Published: " + docu
 </div>
 
         
-<a name="N10055"></a>
+<a name="N1006F"></a>
 <h2 class="boxed"></h2>
 <div class="section">
 <p>
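
Review bot: the anchor for the untitled section changes from N10055 to N1006F, apparently just because a section was inserted above it, so any existing link to #N10055 stops resolving. The `<h2 class="boxed"></h2>` that follows it is empty; giving that section a title in the source would yield a stable, readable anchor and remove the empty heading from the rendered page.
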
@@ -324,7 +342,7 @@ document.write("Last Published: " + docu
 </div>
 <div class="copyright">
         Copyright &copy;
-         2004-2020 <a href="https://www.apache.org/">The Apache Software Foundation</a>
+         2004-2021 <a href="https://www.apache.org/">The Apache Software Foundation</a>
 </div>
 <div id="logos">
 <a href="http://validator.w3.org/check/referer"><img style="height: 31px; width: 88px;" title="Valid HTML 4.01!" alt="Valid HTML 4.01!" src="skin/images/valid-html401.png" class="logoImage"></a><a href="http://jigsaw.w3.org/css-validator/check/referer"><img style="height: 31px; width: 88px;" title="Valid CSS!" alt="Valid CSS!" src="skin/images/vcss.png" class="logoImage"></a>
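
Review bot: the footer year change from 2004-2020 to 2004-2021 is not covered by the log message ("add cve to index.html"), and the same one-line change is the only edit to overview.html and resources/index.html in this revision. Either mention the regenerated footers in the log or commit the site rebuild separately, so the advisory change is easy to find in history.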

Modified: xmlbeans/site/build/site/overview.html
URL: http://svn.apache.org/viewvc/xmlbeans/site/build/site/overview.html?rev=1885455&r1=1885454&r2=1885455&view=diff
==============================================================================
--- xmlbeans/site/build/site/overview.html (original)
+++ xmlbeans/site/build/site/overview.html Wed Jan 13 23:29:33 2021
@@ -262,7 +262,7 @@ document.write("Last Published: " + docu
 </div>
 <div class="copyright">
         Copyright &copy;
-         2004-2020 <a href="https://www.apache.org/">The Apache Software Foundation</a>
+         2004-2021 <a href="https://www.apache.org/">The Apache Software Foundation</a>
 </div>
 <div id="feedback">
     Send feedback about the website to:

Modified: xmlbeans/site/build/site/resources/index.html
URL: http://svn.apache.org/viewvc/xmlbeans/site/build/site/resources/index.html?rev=1885455&r1=1885454&r2=1885455&view=diff
==============================================================================
--- xmlbeans/site/build/site/resources/index.html (original)
+++ xmlbeans/site/build/site/resources/index.html Wed Jan 13 23:29:33 2021
@@ -237,7 +237,7 @@ document.write("Last Published: " + docu
 </div>
 <div class="copyright">
         Copyright &copy;
-         2004-2020 <a href="https://www.apache.org/">The Apache Software Foundation</a>
+         2004-2021 <a href="https://www.apache.org/">The Apache Software Foundation</a>
 </div>
 <div id="logos">
 <a href="http://validator.w3.org/check/referer"><img style="height: 31px; width: 88px;" title="Valid HTML 4.01!" alt="Valid HTML 4.01!" src="../skin/images/valid-html401.png" class="logoImage"></a><a href="http://jigsaw.w3.org/css-validator/check/referer"><img style="height: 31px; width: 88px;" title="Valid CSS!" alt="Valid CSS!" src="../skin/images/vcss.png" class="logoImage"></a>

Modified: xmlbeans/site/src/documentation/content/xdocs/index.xml
URL: http://svn.apache.org/viewvc/xmlbeans/site/src/documentation/content/xdocs/index.xml?rev=1885455&r1=1885454&r2=1885455&view=diff
==============================================================================
--- xmlbeans/site/src/documentation/content/xdocs/index.xml (original)
+++ xmlbeans/site/src/documentation/content/xdocs/index.xml Wed Jan 13 23:29:33 2021
@@ -41,7 +41,24 @@
                 or the XMLBeans documentation (the Documentation tab on this website).</p>
         </section>
 
- 		<section>
+      <section><title>CVE-2021-23926 - XML External Entity (XXE) Processing in Apache XMLBeans versions prior to 3.0.0 (January 13, 2021)</title>
+        <p>Description:<br/>
+          When parsing XML files using XMLBeans 2.6.0 or below, the underlying parser
+          created by XMLBeans could be susceptible to XML External Entity (XXE) attacks.</p>
+
+        <p>This issue was fixed a few years ago but on review, we decided we should have a CVE
+          to raise awareness of the issue.</p>
+
+        <p>Mitigation:<br/>
+          Affected users are advised to update to Apache XMLBeans 3.0.0 or above
+          which fixes this vulnerability. XMLBeans 4.0.0 or above is preferable.</p>
+
+        <p>References:
+          <a href="https://en.wikipedia.org/wiki/XML_external_entity_attack">XML external entity attack</a>
+        </p>
+      </section>
+
+        <section>
       		<title>Release: Apache XMLBeans 4.0.0 (October 16, 2020)</title>
       		<p>
        		   Latest release files <a href="site:download/index">are available</a>.
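
Review bot: the section title gives the affected range as "versions prior to 3.0.0" while the Description paragraph says "XMLBeans 2.6.0 or below"; use one wording in both places so readers do not have to work out whether anything between the two is affected. "Fixed a few years ago" would be more useful with the fixing release or date stated, and the References paragraph links only to a general Wikipedia article, so a link to the CVE record itself should be added.
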
@@ -52,7 +69,7 @@
                 <a href="https://svn.apache.org/viewvc/xmlbeans/trunk/CHANGES.txt?view=markup">CHANGES.txt</a> or
                 <a href="https://issues.apache.org/jira/projects/XMLBEANS/versions/12345218">JIRA</a>).
             </p>
-  		</section>
+        </section>
 
         <section>
             <title></title>


