Posted to commits@poi.apache.org by fa...@apache.org on 2021/01/13 23:29:33 UTC
svn commit: r1885455 - in /xmlbeans/site: build/site/index.html
build/site/overview.html build/site/resources/index.html
src/documentation/content/xdocs/index.xml
Author: fanningpj
Date: Wed Jan 13 23:29:33 2021
New Revision: 1885455
URL: http://svn.apache.org/viewvc?rev=1885455&view=rev
Log:
add cve to index.html
Modified:
xmlbeans/site/build/site/index.html
xmlbeans/site/build/site/overview.html
xmlbeans/site/build/site/resources/index.html
xmlbeans/site/src/documentation/content/xdocs/index.xml
Modified: xmlbeans/site/build/site/index.html
URL: http://svn.apache.org/viewvc/xmlbeans/site/build/site/index.html?rev=1885455&r1=1885454&r2=1885455&view=diff
==============================================================================
--- xmlbeans/site/build/site/index.html (original)
+++ xmlbeans/site/build/site/index.html Wed Jan 13 23:29:33 2021
@@ -188,7 +188,25 @@ document.write("Last Published: " + docu
or the XMLBeans documentation (the Documentation tab on this website).</p>
</div>
-
+
+<a name="CVE-2021-23926+-+XML+External+Entity+%28XXE%29+Processing+in+Apache+XMLBeans+versions+prior+to+3.0.0+%28January+13%2C+2021%29"></a>
+<h2 class="boxed">CVE-2021-23926 - XML External Entity (XXE) Processing in Apache XMLBeans versions prior to 3.0.0 (January 13, 2021)</h2>
+<div class="section">
+<p>Description:<br>
+ When parsing XML files using XMLBeans 2.6.0 or below, the underlying parser
+ created by XMLBeans could be susceptible to XML External Entity (XXE) attacks.</p>
+<p>This issue was fixed a few years ago but on review, we decided we should have a CVE
+ to raise awareness of the issue.</p>
+<p>Mitigation:<br>
+ Affected users are advised to update to Apache XMLBeans 3.0.0 or above
+ which fixes this vulnerability. XMLBeans 4.0.0 or above is preferable.</p>
+<p>References:
+ <a href="https://en.wikipedia.org/wiki/XML_external_entity_attack">XML external entity attack</a>
+
+</p>
+</div>
+
+
<a name="Release%3A+Apache+XMLBeans+4.0.0+%28October+16%2C+2020%29"></a>
<h2 class="boxed">Release: Apache XMLBeans 4.0.0 (October 16, 2020)</h2>
<div class="section">
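Review bot: The added References paragraph links only to the general Wikipedia article on XXE, and the sentence "This issue was fixed a few years ago" gives no issue or revision to check against. Suggest adding a link to the CVE-2021-23926 record and to the change that made the fix, so readers can confirm which release carries it. The empty added line left inside that paragraph before the closing </p> can also go.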
@@ -204,7 +222,7 @@ document.write("Last Published: " + docu
</div>
-<a name="N10055"></a>
+<a name="N1006F"></a>
<h2 class="boxed"></h2>
<div class="section">
<p>
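Review bot: The anchor rename from N10055 to N1006F looks like a generated id that shifted when the CVE section was inserted above it, so any existing link to #N10055 no longer resolves. The heading it labels is an empty <h2 class="boxed"></h2>; giving that section a title in the source would produce a stable, name-based anchor like the ones on the CVE and release headings.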
@@ -324,7 +342,7 @@ document.write("Last Published: " + docu
</div>
<div class="copyright">
Copyright ©
- 2004-2020 <a href="https://www.apache.org/">The Apache Software Foundation</a>
+ 2004-2021 <a href="https://www.apache.org/">The Apache Software Foundation</a>
</div>
<div id="logos">
<a href="http://validator.w3.org/check/referer"><img style="height: 31px; width: 88px;" title="Valid HTML 4.01!" alt="Valid HTML 4.01!" src="skin/images/valid-html401.png" class="logoImage"></a><a href="http://jigsaw.w3.org/css-validator/check/referer"><img style="height: 31px; width: 88px;" title="Valid CSS!" alt="Valid CSS!" src="skin/images/vcss.png" class="logoImage"></a>
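Review bot: The copyright year change from 2004-2020 to 2004-2021 here, repeated in overview.html and resources/index.html, is not covered by the log message "add cve to index.html". Suggest mentioning the regenerated footer in the log or committing it separately, so the security notice change is easy to isolate when reviewing history.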
Modified: xmlbeans/site/build/site/overview.html
URL: http://svn.apache.org/viewvc/xmlbeans/site/build/site/overview.html?rev=1885455&r1=1885454&r2=1885455&view=diff
==============================================================================
--- xmlbeans/site/build/site/overview.html (original)
+++ xmlbeans/site/build/site/overview.html Wed Jan 13 23:29:33 2021
@@ -262,7 +262,7 @@ document.write("Last Published: " + docu
</div>
<div class="copyright">
Copyright ©
- 2004-2020 <a href="https://www.apache.org/">The Apache Software Foundation</a>
+ 2004-2021 <a href="https://www.apache.org/">The Apache Software Foundation</a>
</div>
<div id="feedback">
Send feedback about the website to:
Modified: xmlbeans/site/build/site/resources/index.html
URL: http://svn.apache.org/viewvc/xmlbeans/site/build/site/resources/index.html?rev=1885455&r1=1885454&r2=1885455&view=diff
==============================================================================
--- xmlbeans/site/build/site/resources/index.html (original)
+++ xmlbeans/site/build/site/resources/index.html Wed Jan 13 23:29:33 2021
@@ -237,7 +237,7 @@ document.write("Last Published: " + docu
</div>
<div class="copyright">
Copyright ©
- 2004-2020 <a href="https://www.apache.org/">The Apache Software Foundation</a>
+ 2004-2021 <a href="https://www.apache.org/">The Apache Software Foundation</a>
</div>
<div id="logos">
<a href="http://validator.w3.org/check/referer"><img style="height: 31px; width: 88px;" title="Valid HTML 4.01!" alt="Valid HTML 4.01!" src="../skin/images/valid-html401.png" class="logoImage"></a><a href="http://jigsaw.w3.org/css-validator/check/referer"><img style="height: 31px; width: 88px;" title="Valid CSS!" alt="Valid CSS!" src="../skin/images/vcss.png" class="logoImage"></a>
Modified: xmlbeans/site/src/documentation/content/xdocs/index.xml
URL: http://svn.apache.org/viewvc/xmlbeans/site/src/documentation/content/xdocs/index.xml?rev=1885455&r1=1885454&r2=1885455&view=diff
==============================================================================
--- xmlbeans/site/src/documentation/content/xdocs/index.xml (original)
+++ xmlbeans/site/src/documentation/content/xdocs/index.xml Wed Jan 13 23:29:33 2021
@@ -41,7 +41,24 @@
or the XMLBeans documentation (the Documentation tab on this website).</p>
</section>
- <section>
+ <section><title>CVE-2021-23926 - XML External Entity (XXE) Processing in Apache XMLBeans versions prior to 3.0.0 (January 13, 2021)</title>
+ <p>Description:<br/>
+ When parsing XML files using XMLBeans 2.6.0 or below, the underlying parser
+ created by XMLBeans could be susceptible to XML External Entity (XXE) attacks.</p>
+
+ <p>This issue was fixed a few years ago but on review, we decided we should have a CVE
+ to raise awareness of the issue.</p>
+
+ <p>Mitigation:<br/>
+ Affected users are advised to update to Apache XMLBeans 3.0.0 or above
+ which fixes this vulnerability. XMLBeans 4.0.0 or above is preferable.</p>
+
+ <p>References:
+ <a href="https://en.wikipedia.org/wiki/XML_external_entity_attack">XML external entity attack</a>
+ </p>
+ </section>
+
+ <section>
<title>Release: Apache XMLBeans 4.0.0 (October 16, 2020)</title>
<p>
Latest release files <a href="site:download/index">are available</a>.
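Review bot: The new <title> gives the affected range as "versions prior to 3.0.0" while the Description paragraph says "XMLBeans 2.6.0 or below"; state the range in the same terms in both places so readers do not have to reconcile them. The title also sits on the same line as the opening <section>, whereas the release section that follows puts <title> on its own line.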
@@ -52,7 +69,7 @@
<a href="https://svn.apache.org/viewvc/xmlbeans/trunk/CHANGES.txt?view=markup">CHANGES.txt</a> or
<a href="https://issues.apache.org/jira/projects/XMLBEANS/versions/12345218">JIRA</a>).
</p>
- </section>
+ </section>
<section>
<title></title>
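Review bot: The removed and added </section> lines show no visible difference, so this looks like a whitespace-only change that adds noise to a security notice commit; suggest dropping it or fixing the indentation in a separate change. The context also shows the next section with an empty <title></title>, which is worth filling in while this file is being touched.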