Posted to commits@maven.apache.org by bu...@apache.org on 2013/02/23 18:12:53 UTC
svn commit: r851697 - in /websites/staging/maven/trunk/content: ./
maven-site-1.0-site.jar security.html
Author: buildbot
Date: Sat Feb 23 17:12:53 2013
New Revision: 851697
Log:
Staging update by buildbot for maven
Modified:
websites/staging/maven/trunk/content/ (props changed)
websites/staging/maven/trunk/content/maven-site-1.0-site.jar
websites/staging/maven/trunk/content/security.html
Propchange: websites/staging/maven/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sat Feb 23 17:12:53 2013
@@ -1 +1 @@
-1449339
+1449373
Modified: websites/staging/maven/trunk/content/maven-site-1.0-site.jar
==============================================================================
Binary files - no diff available.
Modified: websites/staging/maven/trunk/content/security.html
==============================================================================
--- websites/staging/maven/trunk/content/security.html (original)
+++ websites/staging/maven/trunk/content/security.html Sat Feb 23 17:12:53 2013
@@ -230,7 +230,7 @@
</div>
<div id="bodyColumn">
<div id="contentBox">
- <!-- Licensed to the Apache Software Foundation (ASF) under one --><!-- or more contributor license agreements. See the NOTICE file --><!-- distributed with this work for additional information --><!-- regarding copyright ownership. The ASF licenses this file --><!-- to you under the Apache License, Version 2.0 (the --><!-- "License"); you may not use this file except in compliance --><!-- with the License. You may obtain a copy of the License at --><!-- --><!-- http://www.apache.org/licenses/LICENSE-2.0 --><!-- --><!-- Unless required by applicable law or agreed to in writing, --><!-- software distributed under the License is distributed on an --><!-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or implied. See the License for the --><!-- specific language governing permissions and limitations --><!-- under the License. --><!-- NOTE: For help with the syntax of this file, see: --><!-- http://maven.apache.org/guides/mini/g
uide-apt-format.html --><div class="section"><h2>Security Vulnerabilities<a name="Security_Vulnerabilities"></a></h2><p>Please note that binary patches are not produced for individual vulnerabilities. To obtain the binary fix for a particular vulnerability you should upgrade to an Apache Maven version where that vulnerability has been fixed.</p><p>For more information about reporting vulnerabilities, see the <a class="externalLink" href="http://www.apache.org/security/"> Apache Security Team</a> page.</p><div class="section"><h3>CVE-2013-0253 Apache Maven<a name="CVE-2013-0253_Apache_Maven"></a></h3><p>Severity: Medium</p><p>Vendor: The Apache Software Foundation</p><p>Versions Affected:</p><ul><li>Apache Maven 3.0.4</li><li>Apache Maven Wagon 2.1, 2.2, 2.3</li></ul><p>Description: Apache Maven 3.0.4 (with Apache Maven Wagon 2.1) has introduced a non-secure SSL mode by default. This mode disables all SSL certificate checking, including: host name verification , date validity
, and certificate chain. Not validating the certificate introduces the possibility of a man-in-the-middle attack.</p><p>All users are recommended to upgrade to <a href="./download.cgi"> Apache Maven 3.0.5</a> and Apache Maven Wagon 2.4.</p><p>Credit: This issue was identified by Graham Leggett</p></div></div>
+ <!-- Licensed to the Apache Software Foundation (ASF) under one --><!-- or more contributor license agreements. See the NOTICE file --><!-- distributed with this work for additional information --><!-- regarding copyright ownership. The ASF licenses this file --><!-- to you under the Apache License, Version 2.0 (the --><!-- "License"); you may not use this file except in compliance --><!-- with the License. You may obtain a copy of the License at --><!-- --><!-- http://www.apache.org/licenses/LICENSE-2.0 --><!-- --><!-- Unless required by applicable law or agreed to in writing, --><!-- software distributed under the License is distributed on an --><!-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or implied. See the License for the --><!-- specific language governing permissions and limitations --><!-- under the License. --><!-- NOTE: For help with the syntax of this file, see: --><!-- http://maven.apache.org/guides/mini/g
uide-apt-format.html --><div class="section"><h2>Security Vulnerabilities<a name="Security_Vulnerabilities"></a></h2><p>Please note that binary patches are not produced for individual vulnerabilities. To obtain the binary fix for a particular vulnerability you should upgrade to an Apache Maven version where that vulnerability has been fixed.</p><p>For more information about reporting vulnerabilities, see the <a class="externalLink" href="http://www.apache.org/security/"> Apache Security Team</a> page.</p><div class="section"><h3>CVE-2013-0253 Apache Maven 3.0.4<a name="CVE-2013-0253_Apache_Maven_3.0.4"></a></h3><p>Severity: Medium</p><p>Vendor: The Apache Software Foundation</p><p>Versions Affected:</p><ul><li>Apache Maven 3.0.4</li><li>Apache Maven Wagon 2.1, 2.2, 2.3</li></ul><p>Description: Apache Maven 3.0.4 (with Apache Maven Wagon 2.1) has introduced a non-secure SSL mode by default. This mode disables all SSL certificate checking, including: host name verification , d
ate validity, and certificate chain. Not validating the certificate introduces the possibility of a man-in-the-middle attack.</p><p>All users are recommended to upgrade to <a href="./download.cgi"> Apache Maven 3.0.5</a> and Apache Maven Wagon 2.4.</p><p>Credit: This issue was identified by Graham Leggett</p></div></div>
</div>
</div>
<div class="clear">
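Review bot: In the added <h3>, the anchor changes from name="CVE-2013-0253_Apache_Maven" to name="CVE-2013-0253_Apache_Maven_3.0.4", so existing links to the old fragment on security.html will no longer land on the advisory; consider keeping the old anchor alongside the new one. The new heading text "CVE-2013-0253 Apache Maven 3.0.4" names only Maven, while the Versions Affected list under it also includes Apache Maven Wagon 2.1, 2.2, 2.3 and the Description mentions only Wagon 2.1. The heading and description should agree with that list so that readers on Wagon 2.2 or 2.3 do not conclude they are unaffected. The stray space before the comma in "host name verification ," carries over unchanged from the removed line and could be fixed in the page source in the same pass.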